[Zope] Can Zope 2.4.0 be run "naked" (without Apache/Squid/IIS)?

Andy McKay andym@ActiveState.com
Tue, 9 Oct 2001 09:19:10 -0700


Zope runs just fine without anything in front of it and despite the issues
you mentioned have never had the slightest problem.

Cheers.
--
  Andy McKay.


----- Original Message -----
From: <abg@comco-inc.com>
To: <zope@zope.org>
Sent: Tuesday, October 09, 2001 9:17 AM
Subject: [Zope] Can Zope 2.4.0 be run "naked" (without Apache/Squid/IIS)?


> On the "Zope Changes" page for Zope 2.4.0
> (http://www.zope.org/Products/Zope/2.4.0/CHANGES.txt), one of the changes
> mentioned is "Fixed handling of invalid HTTP requests."
>
> One of the main arguments (as I understood them) for running Zope behind
> Apache/Squid/IIS was that Zope was susceptible to denial of service
attacks
> due to the way it handled HTTP requests. The Apache/Squid/IIS front-end
was
> used to sanitize the HTTP request.
>
> Does the change made with the release of 2.4.0 fix this problem? If so,
what
> other roadblocks are there to running Zope "naked"?
>
> Thanks,
>
> Aaron Gillette
> abg@comco-inc.com
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>