[Zope] Urgent help needed: Zope falls over under moderate load

Richard Jones richard@bizarsoftware.com.au
Thu, 22 Nov 2001 08:24:04 +1100


On Thursday 22 November 2001 00:56, Toby Dickenson wrote:
> >> Zope's http implementation is *not* *robust* enough to be exposed to
> >> the raw internet. It has a number of serious, and fairly obvious
> >> denial-of-service vulnerabilities.
> >
> >Toby, are these vulnerabilities in the collector?  If not, and you've
> >got the time, could you put them in there?
>
> Some of them were in the old collector.
>
> I don't think it would be humanly possible to list them all. It's more than a
> few bugs which individually may be fixable... Zope's http layer simply
> wasn't designed with this kind of robustness in mind, and it's only a small
> exaggeration to say that *everything* is wrong.
>
> Also, I'm not sure it's worth the effort. This isn't the only compelling
> reason for using a front-end proxy. Using a proxy makes this problem a
> non-issue, so why bother fixing it?

... because it requires the installation of Yet Another Piece Of Software, 
which can fail or otherwise go sideways in its own peculiar ways.


     Richard