[Zope] Zope Security
Andy McKay
andym@ActiveState.com
Tue, 15 May 2001 08:51:14 -0700
And I would also point out that on the rare occasion a problem is found, DC
have fixed it asap. If not sooner.
Cheers.
--
Andy McKay.
----- Original Message -----
From: "Andy McKay" <andym@ActiveState.com>
To: <zope@zope.org>; "Alastair Burt" <burt@dfki.de>
Sent: Tuesday, May 15, 2001 7:46 AM
Subject: Re: [Zope] Zope Security
> There do appear to be a large number of hotfixes but you could examine
what
> they are actually for since most are extremely obscure and dont actually
> present much of a risk. I rarely bother with most hotfixes, just move up
to
> the next Zope as it comes out.
>
> Zope is very secure, the only obvious problem is, as you say, passwords
are
> not encrypted.
> --
> Andy McKay
>
> ----- Original Message -----
> From: "Alastair Burt" <burt@dfki.de>
> To: <zope@zope.org>
> Sent: Tuesday, May 15, 2001 7:15 AM
> Subject: [Zope] Zope Security
>
>
> > I am getting aggravation from our sysadmin, who is reluctant to poke
holes
> > in our new firewall for my Zope ports. He claims he knows of no
software
> > in the last few years that has so many security holes. Is there
anything
> > to justify this claim? I know there are an alarmingly large number of
> Zope
> > hotfixes on the security mailing lists and that login passwords get sent
> in
> > the clear, when not using ssl. On the other hand, I know of no attempt
to
> > hack a Zope site.
> >
> > --- Alastair
> >
> >
> > _______________________________________________
> > Zope maillist - Zope@zope.org
> > http://lists.zope.org/mailman/listinfo/zope
> > ** No cross posts or HTML encoding! **
> > (Related lists -
> > http://lists.zope.org/mailman/listinfo/zope-announce
> > http://lists.zope.org/mailman/listinfo/zope-dev )
> >
>
>
> _______________________________________________
> Zope maillist - Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://lists.zope.org/mailman/listinfo/zope-announce
> http://lists.zope.org/mailman/listinfo/zope-dev )
>