[Zope] ZServer security question

Doug Chamberlin DChamberlin@AndoverSoftware.com
Tue, 25 Jun 2002 13:58:13 -0400


I've seen some people advise not placing a ZServer server directly 
accessible on the Internet due to security concerns. I guess the 
recommended practice is to front the Zope service via Apache, et al. I have 
no great objection to this but I'd like to know more about why. Zope, 
itself, appears to this newbie to be reasonably secure with the user_acl 
stuff built in. Are appearances deceiving?