[ZPT] How are you ZPT users securing your interfaces?
Philip Kilner
phil at xfr.co.uk
Wed Feb 2 04:40:01 EST 2005
Hi Kevin,
Kevin Gill wrote:
> How are you ZPT users securing your interfaces?
>
I think Tino's response, that you should design the security such that
exposed scripts are handled appropriately, hits the nail on the head.
However, I'm wary of being over-confident of my own skills WRT securing
this in a bullet-proof way and have asked myself the same question. All
my Zope developments run behind Apache, and I found that I could apply a
script naming convention and a set of Apache rewrite rules which
prevented direct access to any of my scripts.
I wouldn't consider this as anything more than a backstop - you can't
"retro-fit" security (or quality!).
--
Regards,
PhilK
Email: phil at xfr.co.uk / Voicemail & Facsimile: 07092 070518
"it's very hard to talk quantum using a language originally
designed to tell other monkeys where the ripe fruit is"
- Lu-Tze
More information about the ZPT
mailing list