[Zope] Zope application offline - how to apply a license ptotection?

J Cameron Cooper jccooper at jcameroncooper.com
Thu Aug 14 16:15:38 EDT 2003 

>
>
>> > Our company is developing an application, supposed  to be run under
>> dedicated
>> > zope server, placed offline in our customers corporate environment and
>> > requested via LAN.
>>
>> > What would be the right way to protect this mechanism from hacking,
>> provied
>> > that zope is an open-source platform, so any code is hypothetically
>> > accessable by the customer and apllication is run completely 
>> offline with
>> no
>> > intercation  with our information system?
>> >
>> > The required level of protection is not really high, but  we need 
>> to be
>> safe
>> > from attempts to hack the application by modest programmers at least.
>>
>> 1. use dedicated server with crypted FS (eg., Linux), does not share ANY
>> passwords.
>> 2. does not allow to users gone above specified hierarchy of folders.
>> 3. disable for all other access than "view" all DTML Methods and
>> code-critical DTML documents.
>> etc...
>
> Except 1) the other measures protect against thru-the-web access, but 
> not from local access.
> Anyone who can read data.fs can see the user passwords, which the 
> standard UserFolder stores without encryption by default, and then can 
> log in as Manager and change anything.
> And anyone with write permission to the filesystem can create an 
> emergency user, log in as such, and modify all objects inside Zope 
> (the emergency user can do almost anything without restrictions, just 
> can't create new objects).
> Zope may have a good shield from web attacks but I think it is very 
> vulnerable for local intrusion or sabotage.

It is extremely difficult to protect against people with physical or 
root access to a machine. If I can sit down in front of it, I can get 
root, and unless you've got an encrypted filesystem, it's game over. And 
if I'm root on a running machine, probably even an encrypted filesystem 
won't do any good. Even less-priveledged users can be a threat, due to 
the possiblity of root exploits.

There was a thread a while back where I offered a number of possiblities 
on protecting a server, and specifically contents of a Zope system, 
against its own admins. (It started as someone looking for a way to 
encrypt ZODB contents on the way in.) Look for that. Maybe it'll help.

             --jcc

More information about the Zope mailing list