[Zope] Zope/Plone secure enough for the army?

PieterB PieterB at gewis.nl
Thu Apr 8 06:47:52 EDT 2004



On Thu, Apr 08, 2004 at 12:07:10PM +0200, Andre Meyer wrote:
> For a multi-national military project I have suggested using Plone as 
> CMS and collaboration platform. However, I need to convince people that 
> Zope/Plone is secure enough to prevent leaking of sensitive data.

There are a lot of technologies you can use. For example: use Apache
as a front-end server, use HTTPS and 128-bit encryption, use
certificates/PKI (with or without tokens), single sign-on, LDAP/Active
Directory/RADIUS, use separate Zope/Plone instances. There are
enough technical means to choose from.

Zope3 might get TUV-IT approved, see
http://dev.zope.org/Wikis/DevSite/Projects/ComponentArchitecture/Zope3Newsletter9
(don't know current status)

Take the following quote from Bruce Schneier into consideration:

	"If you think technology can solve your security problems,
	then you don't understand the problems and you don't
	understand the technology"

So focus on the non-technology side of information security: for example
'Code voor informatiebeveiliging' (I assume you're Dutch), British
BS 7799 2002 standard on security, ISO17799, etc.

Pieter


