[Zope] defacement/crack statistics
Jason C. Leach
jleach@mail.ocis.net
Mon, 4 Jun 2001 10:35:27 -0700 (PDT)
hi,
An automated 'hotfix' management system would be a really good tool to
implement in Zope. Perhaps a simple button in the Control Panel to
fetch and install the latest hotfixes.
j.
......................
..... Jason C. Leach
... University College of the Cariboo.
..
On Mon, 4 Jun 2001, Michel Pelletier wrote:
> On Sun, 3 Jun 2001 kosh@aesaeion.com wrote:
>
> > Does anyone have any statistics on how often zope servers tend to get
> > cracked? I have been looking on line and so far I have found no data on
> > that. Either there has not been one which is unlikely or they are
> > extremely rare which is more likely considering the ACL system.
> >
> > Need some information for customers and these kinds of numbers would be
> > very useful.
>
> I've been around since the pre-Zope, and I also help do commercial support
> for DC. I have never once heard from the community, or from a customer,
> of any successful or unsuccessful crack of Zope. I, like you, would be
> very interested to hear of one.
>
> Of course it can happen, there are well known exploits for older versions
> of Zope, three major ones in the last year and a half, if memory serves
> right. All of those exploits were fixed the same day they were reported,
> often within hours, and new versions and security updates for older
> versions were released, so even if there is an older version and the
> maintainer patched it with a hotfix, it's safe (from the known exploit).
>
> Most exploits (as far as I know) are discovered by community members in the
> course of their experimentation with Zope. This is one of the greatest
> strengths of open source. Of course, there's nothing like a full blown
> security audit, but then again, there's nothing like roasting hot
> dogs over large piles of burning money either.
>
> -Michel