[Zope] Important Security Concerns
Tom Deprez
tom.deprez@uz.kuleuven.ac.be
Tue, 12 Sep 2000 15:12:21 +0200
I know not much about security because I don't have to worry about it, but
out of your talk, it seems that your company finds apache secure. Then why
don't you just run Zope behind Apache with a FASTCGI, or something else?
Sorry if I'm completely missing the point of your problem.
Regards, Tom.
At 08:31 12/09/2000 -0400, you wrote:
>That would cause another whole set of problems, unless apache is inherity
>more secure than Medusa. I was really wondering what the risks are
>associated with those two options.
>
>- Bryan Patrick Coleman
> Questcon Technologies
> (336)273-2428 ext-416
> bcoleman@questcon.com
>
>> -----Original Message-----
>> From: Phil Harris [SMTP:phil.harris@zope.co.uk]
>> Sent: Tuesday, September 12, 2000 5:15 AM
>> To: Coleman, Bryan; zope@zope.org
>> Subject: Re: [Zope] Important Security Concerns
>>
>> Another option might be to proxy the Zope server through Apache on port
>> 80.
>>
>>
>> ----- Original Message -----
>> From: "Coleman, Bryan" <bcoleman@questcon.com>
>> To: <zope@zope.org>
>> Sent: Tuesday, September 12, 2000 12:43 PM
>> Subject: [Zope] Important Security Concerns
>>
>>
>> > I almost have my company convinced that Zope is the technology to use
>> for
>> > our Intranet/Extranet. However they are very concerned with security. I
>> have
>> > proposed two security schemes that I would like zope community feed back
>> on
>> > for potential holes.
>> >
>> > Option A: Poke a hole through our firewall on the primary http port or
>> on
>> > port 8080 to allow Zope pages through and then require authentication on
>> the
>> > first page.
>> >
>> > Option B: Set up a DMZ off the firewall to allow the same as the above.
>> >
>> > Any feed back would be welcome.
>> >
>> > - Bryan Patrick Coleman
>> > Questcon Technologies
>> > (336)273-2428 ext-416
>> > bcoleman@questcon.com
>> >
>> >
>> > _______________________________________________
>> > Zope maillist - Zope@zope.org
>> > http://lists.zope.org/mailman/listinfo/zope
>> > ** No cross posts or HTML encoding! **
>> > (Related lists -
>> > http://lists.zope.org/mailman/listinfo/zope-announce
>> > http://lists.zope.org/mailman/listinfo/zope-dev )
>
>_______________________________________________
>Zope maillist - Zope@zope.org
>http://lists.zope.org/mailman/listinfo/zope
>** No cross posts or HTML encoding! **
>(Related lists -
> http://lists.zope.org/mailman/listinfo/zope-announce
> http://lists.zope.org/mailman/listinfo/zope-dev )
>
>