[Zope] www.oswg.org runs Zope?

Petru Paler ppetru@coltronix.com
Wed, 19 Apr 2000 14:43:55 +0300


On Wed, Apr 19, 2000 at 07:34:28AM -0400, srl wrote:
> Now, the fact that we can add /manage to any URL to edit the data seems
> like a potential security hole. all it would take to crack a Zope password
> would be running a password guesser with user 'superuser'. Or am I missing
> something here?

   Yes. If you are security-conscious you change the superuser account name
and choose a very hard to guess password.

-Petru