[Zope] Zope/Plone secure enough for the army?
PieterB
PieterB at gewis.nl
Thu Apr 8 06:47:52 EDT 2004
On Thu, Apr 08, 2004 at 12:07:10PM +0200, Andre Meyer wrote:
> For a multi-national military project I have suggested using Plone as
> CMS and collaboration platform. However, I need to convince people that
> Zope/Plone is secure enough to prevent leaking of sensitive data.
There are a lot of technologies you can use. For example: Use Apache
as front-end server, use https and 128 bit encryption, use
certificates/pki (with or without tokens), single sign-on, ldap/active
directory/radius, use seperate zope/plone instances. There are
enough technical means to choose from.
Zope3 might get TUV-IT approved, see
http://dev.zope.org/Wikis/DevSite/Projects/ComponentArchitecture/Zope3Newsletter9
(don't know current status)
Take the following quote of Bruce Scheiner into consideration:
"If you think technology can solve your security problems,
then you don't understand the problems and you don't
understand the technology"
So focus on non-technology side of information security: for example
'Code voor informatiebeveiliging' (I assume you're dutch), British
BS 7799 2002 standard on security, ISO17799, etc..
Pieter
More information about the Zope
mailing list