[Zope] Does Zope support HTTP Trace method??
Jay Zeemer
jzeemer at edcor.com
Fri Mar 11 11:18:22 EST 2005
Actually if you query the Zope web service to see what it supports it tells
you:
Allowed HTTP Methods: GET, HEAD, POST, PUT, DELETE, OPTIONS, TRACE,
PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK
TRACE allows for some XSS problems and I just want to make sure I have the
server locked down against as many vulnerabilities as I can. I cannot find
any mention of the Zope Web Server supporting TRACE so I am trying to find
out if it actually does support it or if it's just reacting to the query.
The tool I used is called Nikto, it's just an HTTP assault tool. It looks
through a predefined list like Nessus, but restricts itself to possible
HTTP issues. It also plays a lot nicer on a network :)
Jay
-----Original Message-----
From: Chris Withers [mailto:chris at simplistix.co.uk]
Sent: Friday, March 11, 2005 10:35 AM
To: Jay Zeemer
Cc: 'zope at zope.org' List Mailing
Subject: Re: [Zope] Does Zope support HTTP Trace method??
Jay Zeemer wrote:
> In a lot of HTTP servers there is a method used for debugging sessions and
> such called TRACE. Does Zope support this?? And if so is it active, or
> inactive by default?? How can I turn this on and off??
I'm not aware of any TRACE support in Zope. You run it behind Apache
maybe? You been poking with Nessus? ;-)
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
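
Added example, not part of the original thread and not Zope or Nikto code: one way to tell a server that really serves TRACE from one that only lists it in its Allow header is to send TRACE with a unique token and check whether the token is echoed back in a 200 body. The header name X-Trace-Check, the token value, and the sample responses in demo() are constructed assumptions.

```python
import http.client

ZOPE_ALLOW = ("GET, HEAD, POST, PUT, DELETE, OPTIONS, TRACE, PROPFIND, "
              "PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK")  # method list quoted in the post

def classify_trace(allow_header, trace_status, trace_body, token):
    """Decide whether TRACE is really served or only listed in Allow."""
    methods = {m.strip().upper() for m in (allow_header or "").split(",")}
    # A real TRACE handler echoes the request (headers included) in a 200 body.
    if trace_status == 200 and token.encode() in trace_body:
        return "implemented"
    return "advertised-only" if "TRACE" in methods else "not-supported"

def probe(host, port=80, token="trace-check-7f3a"):
    """Live check for a server you administer (token and header name are assumptions)."""
    def send(method):
        conn = http.client.HTTPConnection(host, port, timeout=5)
        try:
            conn.request(method, "/", headers={"X-Trace-Check": token})
            resp = conn.getresponse()
            return resp.status, resp.getheader("Allow"), resp.read()
        finally:
            conn.close()
    _, allow, _ = send("OPTIONS")
    status, _, body = send("TRACE")
    return classify_trace(allow, status, body, token)

def demo():
    """Run the classifier over constructed responses (not captured traffic)."""
    token = "trace-check-7f3a"
    echo = (b"TRACE / HTTP/1.1\r\nHost: example.test\r\nX-Trace-Check: "
            + token.encode() + b"\r\n\r\n")
    return {
        "echoing server": classify_trace(ZOPE_ALLOW, 200, echo, token),
        "listed, rejected": classify_trace(ZOPE_ALLOW, 501, b"", token),
        "listed, generic 200 page": classify_trace(ZOPE_ALLOW, 200, b"<html>Welcome</html>", token),
        "not listed": classify_trace("GET, HEAD, POST", 405, b"", token),
        "no Allow header": classify_trace(None, 405, b"", token),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The "listed, generic 200 page" case is the one a status-code-only check gets wrong: a 200 without the echoed token means the server answered the request but did not reflect it.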