[Zope] Zope Security

Andy McKay andym@ActiveState.com
Tue, 15 May 2001 08:51:14 -0700


And I would also point out that on the rare occasion a problem is found, DC
have fixed it asap. If not sooner.

Cheers.
--
  Andy McKay.


----- Original Message -----
From: "Andy McKay" <andym@ActiveState.com>
To: <zope@zope.org>; "Alastair Burt" <burt@dfki.de>
Sent: Tuesday, May 15, 2001 7:46 AM
Subject: Re: [Zope] Zope Security


> There do appear to be a large number of hotfixes but you could examine
what
> they are actually for since most are extremely obscure and dont actually
> present much of a risk. I rarely bother with most hotfixes, just move up
to
> the next Zope as it comes out.
>
> Zope is very secure, the only obvious problem is, as you say, passwords
are
> not encrypted.
> --
>   Andy McKay
>
> ----- Original Message -----
> From: "Alastair Burt" <burt@dfki.de>
> To: <zope@zope.org>
> Sent: Tuesday, May 15, 2001 7:15 AM
> Subject: [Zope] Zope Security
>
>
> > I am getting aggravation from our sysadmin, who is reluctant to poke
holes
> > in our new firewall for my Zope ports.  He claims he knows of no
software
> > in the last few years that has so many security holes.  Is there
anything
> > to justify this claim?  I know there are an alarmingly large number of
> Zope
> > hotfixes on the security mailing lists and that login passwords get sent
> in
> > the clear, when not using ssl.  On the other hand, I know of no attempt
to
> > hack a Zope site.
> >
> > --- Alastair
> >
> >
> > _______________________________________________
> > Zope maillist  -  Zope@zope.org
> > http://lists.zope.org/mailman/listinfo/zope
> > **   No cross posts or HTML encoding!  **
> > (Related lists -
> >  http://lists.zope.org/mailman/listinfo/zope-announce
> >  http://lists.zope.org/mailman/listinfo/zope-dev )
> >
>
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>