[Zope] Securing Zope and Special URLs
Dieter Maurer
dieter at handshake.de
Sat Sep 13 07:12:53 EDT 2003
Roy Rapoport wrote at 2003-9-10 11:34 -0700:
> As part of a re-engineering of our Zope infrastructure, I'm tasked with
> finding any documentation out there on how to secure Zope sites in a
> best-practices sort of way. Anyone got any pointers?
Jamie Heilman (who also answered your post) discovered
a set of security risks. Search the mailing list archives
for his security-related posts.
To avoid the ":action/method" risk (pointed out by Jamie)
we will extend the VHM (virtual host monster) to do the
"forbidden URL checking" rather than doing it in Apache (which
does not see the complete URL).
Dieter