[Zope] Zope application offline - how to apply a license protection?
Dylan Reinhardt
zope at dylanreinhardt.com
Fri Aug 15 20:16:06 EDT 2003
On Fri, 2003-08-15 at 10:59, Dario Lopez-Kästen wrote:
> From: "Jaroslav Lukesh" <lukesh at seznam.cz>
> >> From: Dylan Reinhardt <zope at dylanreinhardt.com>
> >> On Thu, 2003-08-14 at 13:15, J Cameron Cooper wrote:
> >> > It is extremely difficult to protect against people with physical or
> >> > root access to a machine. If I can sit down in front of it, I can get
> >> > root
> >>
> >> Indeed.
> >
> >I am not as sure. If you have a securely configured system and a case
> > with a security lock, you could not get local access in any manner.
>
> uhm... it will get a bit *harder*, not impossible. Important to note that it
> will *never* be impossible. As long as there is a console available to the
> machine it will work.

+1

If you unplug your server and lock it in a bank vault, it might be
impossible to hack. Any running, networked server should be regarded as
being somewhat more vulnerable. Providing *any* level of physical
access represents increased risk... even if the physical access only
extends to the network equipment. You're not going to lock up the
routers, are you?

It's a rare server that can stand up to even a couple hours of probing
by a knowledgeable and sufficiently determined attacker. If you want
to know if your server can be rooted the answer is yes, it can.

Ultimately, this is a question of mitigating and managing risk. That's
why I'd approach it as a legal question. Make it hard enough that
nobody is going to break in by accident and take legal measures to
provide disincentives against determined attack.

$.02

Dylan