[Zope] Can Zope 2.4.0 be run "naked" (without Apache/Squid/IIS)?

abg@comco-inc.com abg@comco-inc.com
Tue, 9 Oct 2001 11:17:26 -0500


On the "Zope Changes" page for Zope 2.4.0
(http://www.zope.org/Products/Zope/2.4.0/CHANGES.txt), one of the changes
mentioned is "Fixed handling of invalid HTTP requests."

One of the main arguments (as I understood them) for running Zope behind
Apache/Squid/IIS was that Zope was susceptible to denial of service attacks
due to the way it handled HTTP requests. The Apache/Squid/IIS front-end was
used to sanitize the HTTP request.

Does the change made with the release of 2.4.0 fix this problem? If so, what
other roadblocks are there to running Zope "naked"?

Thanks,

Aaron Gillette
abg@comco-inc.com