[Zope] ZServer Security Question

Andreas Jung Andreas Jung" <andreas@digicool.com
Wed, 18 Jul 2001 10:20:52 -0500


I assume this comes from FTP logins. You should not be worried.
Zope can't determine (in a  efficient way) if a user/password
is allowed to login. Therefore every login is successful. BUT
it checks the permissions when someone tries to access an object.
The reason is that you can have lots and lots of user folders inside Zope.
and it would too much time to walk through all folder and search for the
permissions. It's really not a security problem.

Andreas


----- Original Message -----
From: "Chris Gray" <cpgray@library.uwaterloo.ca>
To: <zope@zope.org>
Sent: Mittwoch, 18. Juli 2001 09:15
Subject: [Zope] ZServer Security Question


> I'm getting a number of "Successful login" entries in Zope log files.
> (I've included a sample of the log entries below.)  I'm not sure what this
> message means, but I'm concerned about unknown users logging in to
> ZServer.
>
> This instance of Zope is only used for intranet stuff and yet the
> connections are comming from other domains.
>
> I recently took down an instance of Microsoft IIS that was running on port
> 80 on this machine (for security reasons) and moved the Zope instance from
> port 8080 to port 80.
>
> Thanks,
> Chris
>
> 2001-07-16T16:47:58 INFO(0) ZServer Incoming connection from
> 64.230.186.27:3742
> ------
> 2001-07-16T16:48:02 INFO(0) ZServer Successful login.
> ------
> 2001-07-17T03:53:02 INFO(0) ZServer Incoming connection from
> 205.211.56.250:4409
>
> ------
> 2001-07-17T03:53:03 INFO(0) ZServer Incoming connection from
> 205.211.56.250:4493
>
> ------
> 2001-07-17T09:52:40 INFO(0) ZServer Incoming connection from
> 212.190.2.185:4867
> ------
> 2001-07-17T09:52:40 INFO(0) ZServer Successful login.
> ------
> 2001-07-18T00:48:33 INFO(0) ZServer Incoming connection from
> 172.190.169.14:4190
>
> ------
> 2001-07-18T00:48:34 INFO(0) ZServer Successful login.
> ------
> 2001-07-18T10:06:29 INFO(0) ZServer Incoming connection from
> 217.4.246.45:1935
> ------
> 2001-07-18T10:06:29 INFO(0) ZServer Successful login.
>
>
>
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )