[Zope] Zope Security
Phil Harris
phil.harris@zope.co.uk
Tue, 15 May 2001 15:49:18 +0100
Chris said:
> Consider also that Zope contains a webserver, a database, its own
templating
> language, and its own search engine. Advise your admin to check the
number
> of combined security reports for Apache, MySQL, embperl, and HTdig for the
> last year, and compare them against the number reported and fixed in Zope.
> I'd imagine they're comparable.
Hardly comparable!
Zope probably has less Security issues than other comparable pieces of
software, for instance IIS.
A lot less.
>
> - C
>
>
> ----- Original Message -----
> From: "Alastair Burt" <burt@dfki.de>
> To: <zope@zope.org>
> Sent: Tuesday, May 15, 2001 10:15 AM
> Subject: [Zope] Zope Security
>
>
> > I am getting aggravation from our sysadmin, who is reluctant to poke
holes
> > in our new firewall for my Zope ports. He claims he knows of no
software
> > in the last few years that has so many security holes. Is there
anything
> > to justify this claim? I know there are an alarmingly large number of
> Zope
> > hotfixes on the security mailing lists and that login passwords get sent
> in
> > the clear, when not using ssl. On the other hand, I know of no attempt
to
> > hack a Zope site.
> >
> > --- Alastair
> >
> >
> > _______________________________________________
> > Zope maillist - Zope@zope.org
> > http://lists.zope.org/mailman/listinfo/zope
> > ** No cross posts or HTML encoding! **
> > (Related lists -
> > http://lists.zope.org/mailman/listinfo/zope-announce
> > http://lists.zope.org/mailman/listinfo/zope-dev )
> >
>
>
> _______________________________________________
> Zope maillist - Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://lists.zope.org/mailman/listinfo/zope-announce
> http://lists.zope.org/mailman/listinfo/zope-dev )