[Zope-Coders] Re: [Zope-dev] Zope 2.6 planning - call for contributors!

Shane Hathaway shane@zope.com
Fri, 01 Mar 2002 18:10:47 -0500


Toby Dickenson wrote:
> On Fri, 01 Mar 2002 09:48:08 -0500, marc lindahl <marc@bowery.com>
> wrote:
> 
> 
>>I would say, make SSL part of the standard z2.py, so you can turn on/off,
>>specify address, etc. of https ports just as you do with http ports (and of
>>course integrated with siteaccess2, etc.)
>>
> 
> Ive never really understood the motivation for wanting https support
> direct in Zope.... ZServer isnt robust enough to be exposed to the raw
> internet without risk. Today (and perhaps for the forseeable future,
> because its not clear that Zope want to take on the responsibility of
> ensuring it is that robust) if you care about security Zope really
> needs to be run behind a front-end-proxy, and the two popular choices
> for proxying, Squid and Apache, are already well endowed for https
> support.
> 
> Are there any common scenarios which need the protection given by
> https, but do not need the protection given by a front-end-proxy?

Small intranets and small community sites.

I assume the robustness you're talking about is protection against 
denial of service attacks, and I agree that ZServer (in its current 
state) is not as prepared to deal with that threat as Apache or Squid. 
But I don't think it's any more vulnerable to other kinds of attacks 
than other HTTP servers.  It doesn't use the filesystem and never runs 
with root privileges.

So if DoS doesn't concern you (which is the case for a *lot* of sites, 
including every site that's ever been slashdotted ;-) ), ZServer + SSL 
seems like a good idea.  Less mess.

Unfortunately, AFAIK the current SSL support for ZServer leaks memory 
too fast.

Shane