[Zope] Urgent help needed: Zope falls over under moderate loa
d
Toby Dickenson
tdickenson@geminidataloggers.com
Wed, 21 Nov 2001 13:56:27 -0000
>> Zope's http implementation is *not* *robust* enough to be exposed to
>> the raw internet. It has a number of serious, and fairly obvious
>> denial-of-service vulnerabilities.
>Toby, are these vulnerabilities in the collector? If not, and you've
>got the time, could you put them in there?
Some of them were in the old collector.
I dont think it would be humanly possible to list them all. Its more than a
few bugs which individually may be fixable... Zope's http layer simply wasnt
designed with this kind of robustness in mind, and its only a small
exaggeration to say that *everything* is wrong.
Also, Im not sure its worth the effort. This isnt the only compelling reason
for using a font-end proxy. Using a proxy makes this problem a non-issue, so
why bother fixing it?