[Zope-dev] Re: [Zope] ZDESIGN IDEAS = How to improve 'manage' ?

Joachim Werner joe@iuveno.de
Tue, 9 Jan 2001 17:49:07 +0100


On Tuesday 09 January 2001 15:41, Martijn Pieters wrote:
> On Mon, Jan 08, 2001 at 12:18:37PM -0500, Mohan Baro wrote:
> > Are you planning a manage_install for products?
> > The ability for superusers to install complete products directly through
> > the management interface, no need for ftp.
> > similar to import/export feature
>
> I hope not!
>
> Anyone gaining management access to your Zope server will be
> able to install arbitrary products on your server and gain access to the
> file system.
>
> There is a strict dividing line between the file system and the ZMI,
> allowing installation through the web interface will cross that line with
> one giant step.

I think this is a political one. For me, the things that are really valuable 
on a web site are the data and the user information, which both are available 
through the web interface. At least if Zope runs as a user and has its own 
home directory, the additional damage that can be caused by people with file 
system access is not very high. O.k., they can shut down my server. They can 
do that by using "manage_shutdown" from the web anyway. Same with deleting 
all data on the server. IMHO a well-designed "over-the-web" installation 
concept would make Zope MORE secure, not less, e.g.:

- You can work with full SSL-encryption, maybe even client certificates.
   This is much more secure than TELNET or FTP. (Unfortunately, SSH/SCP,
   while being the "better TELNET/FTP", is not always an option, and it
   always opens up more than necessary)

- People won't hack together their own solutions for the problem (with
   LocalFS installed and me having the rights to add LocalFS instances, it
   would take me not very long to "infiltrate" any Zope server. Just add the
   "Extensions" folder via LocalFS and upload all you need as External
   Methods ...)

Cheers,

Joachim.