[Zope] Major security flaw in Zope 2.3.2

Farrell, Troy troy.farrell@wcg.com
Wed, 6 Jun 2001 09:46:39 -0500


<plug class="shameless">
Hurrah.com hosts
http://www.studyshare.net and 
https://www.studyshare.net
on Apache through PCGI for me.
It's on a dual P3/800 with a gig of Ram, so it's hard to see any performance
issues.
</plug>

Troy

-----Original Message-----
From: Rich Pinder [mailto:rpinder@usc.edu]
Sent: Wednesday, June 06, 2001 9:17 AM
To: 'Zope@Zope.org'
Subject: Re: [Zope] Major security flaw in Zope 2.3.2


Do many installs use this approach?  Any issues with using Apache SSL as
a passthru ??
I'm hoping performance impacts using this approach will be minimal.

rich


> For the security concious, ZServer is not quite tough enough to be
> exposed to the raw internet. If you have to use something like Apache
> as a front-end proxy anyway, then it might as well handle SSL too.
> 
> Toby Dickenson
> tdickenson@geminidataloggers.com

_______________________________________________
Zope maillist  -  Zope@zope.org
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )