[Zope] issues of trust, why security via mod_rewrite fails

[Oliver Bleutgen]

Jamie Heilman wrote:
>>At least with VHM, I think the solution is straightforward. Abandon the 
>>path for forwarding information to zope, and use custom http-headers 
>>instead. VHM then would delete these headers on traversal (to hide that 
>>information from not-so-trusted code inside zope).
>>
>>This solution would not only be more secure, it would also simplify the 
>>VHM code alot, and it would certainly be faster.
> 
> 
> Yeah I think you're right, the extra header occured to me too, I
> haven't hammered out any code yet (too busy updating the patchwork for
> 813) but its on my list.  

I had a look at it, too, and as far as I see most of the code is about 
juggling with the traversal stack.


> Now, while I think a new header is a good stop-gap I don't think its a 
 > permanent solution.
> The probablem of no canonical host name is still source of pain in zope 

Could you elaborate that a little bit? Are you referring to what is 
talked about in 813 or is there something else?


> and I have a hunch
> a long term solution will solve both problems at once, as well as be
> safe to use on a multi-user machine with potentially hostile accounts.
> I don't yet know what that solution might look like though.

cheers,
oliver