[Zope] Running Management Interface on Separate HTTP Port

Hung Jung Lu hungjunglu@hotmail.com
Thu, 24 Feb 2000 08:02:18 PST


"roland reumerman" <zope_dd-@hotmail.com> wrote:
>the issue of SECURITY. The Zope web app server and accompanying Oracle 
>database will be run off the same machine on the extranet, so there's no 
>security issue with our intranet there. However, the consultant from the 
>firewall company recommended that we use different HTTP ports for the 
>customer interface/application and the management interface.

If you are serious about security, you should install two
copies of the Zope server. One development copy, and one
production copy. Development copy lives inside the firewall,
production copy lives outside. You update the production
copy only once in a while (say, once a month or once a week.)
The best strategy is to make the production copy READ-ONLY.
Since you are using Oracle database, this shouldn't be
a problem.

----------------

And now a question from me to zopists: is there a way to
disable all management commands on a Zope site? Or
do I have to use Apache re-write rules to block all
URLs ending in things like .../manage, .../REQUEST,
.../manage_workspace, etc? Seems a lot of work to me.

regards,

Hung Jung

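
The URL filter asked about above, sketched in Python as an added example (not code from the original post or from Zope). The blocked names come from the post; treating every `manage_` prefix as a management method, the case-sensitive match, and all function names are assumptions.

```python
from urllib.parse import urlsplit, unquote

# Names taken from the post: .../manage, .../REQUEST, .../manage_workspace.
BLOCKED_EXACT = {"manage", "REQUEST"}
# Assumption: any final segment starting with "manage_" is a management method.
BLOCKED_PREFIX = "manage_"


def decode_fully(path, max_rounds=4):
    """Percent-decode until stable so %6danage or %256danage cannot slip past.

    Returns None if the path is still changing after max_rounds.
    """
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            return path
        path = decoded
    return None


def last_segment(url):
    """Final path segment, ignoring query string, trailing slashes and '.'."""
    path = decode_fully(urlsplit(url).path)
    if path is None:
        return None
    segments = [s for s in path.split("/") if s and s != "."]
    return segments[-1] if segments else ""


def is_management_request(url):
    """True if the front end should refuse the request (fails closed)."""
    segment = last_segment(url)
    if segment is None:  # decoding never settled: refuse
        return True
    return segment in BLOCKED_EXACT or segment.startswith(BLOCKED_PREFIX)


if __name__ == "__main__":
    # Constructed sample request lines, not taken from a real log.
    for url in ["/shop/index_html", "/shop/manage", "/shop/manage_workspace?x=1",
                "/shop/%6danage/", "/shop/management_report"]:
        print("DENY " if is_management_request(url) else "ALLOW", url)
```

A deny list like this only covers the names it knows about, which is the "lot of work" the question points at; it complements the read-only production copy suggested earlier in the message rather than replacing it.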