[Zope] Important Security Concerns
Tue, 12 Sep 2000 15:12:21 +0200
I know not much about security because I don't have to worry about it, but
out of your talk, it seems that your company finds apache secure. Then why
don't you just run Zope behind Apache with a FASTCGI, or something else?
Sorry if I'm completely missing the point of your problem.
At 08:31 12/09/2000 -0400, you wrote:
>That would cause another whole set of problems, unless apache is inherity
>more secure than Medusa. I was really wondering what the risks are
>associated with those two options.
>- Bryan Patrick Coleman
> Questcon Technologies
> (336)273-2428 ext-416
>> -----Original Message-----
>> From: Phil Harris [SMTP:email@example.com]
>> Sent: Tuesday, September 12, 2000 5:15 AM
>> To: Coleman, Bryan; firstname.lastname@example.org
>> Subject: Re: [Zope] Important Security Concerns
>> Another option might be to proxy the Zope server through Apache on port
>> ----- Original Message -----
>> From: "Coleman, Bryan" <email@example.com>
>> To: <firstname.lastname@example.org>
>> Sent: Tuesday, September 12, 2000 12:43 PM
>> Subject: [Zope] Important Security Concerns
>> > I almost have my company convinced that Zope is the technology to use
>> > our Intranet/Extranet. However they are very concerned with security. I
>> > proposed two security schemes that I would like zope community feed back
>> > for potential holes.
>> > Option A: Poke a hole through our firewall on the primary http port or
>> > port 8080 to allow Zope pages through and then require authentication on
>> > first page.
>> > Option B: Set up a DMZ off the firewall to allow the same as the above.
>> > Any feed back would be welcome.
>> > - Bryan Patrick Coleman
>> > Questcon Technologies
>> > (336)273-2428 ext-416
>> > email@example.com
>> > _______________________________________________
>> > Zope maillist - Zope@zope.org
>> > http://lists.zope.org/mailman/listinfo/zope
>> > ** No cross posts or HTML encoding! **
>> > (Related lists -
>> > http://lists.zope.org/mailman/listinfo/zope-announce
>> > http://lists.zope.org/mailman/listinfo/zope-dev )
>Zope maillist - Zope@zope.org
>** No cross posts or HTML encoding! **
>(Related lists -
> http://lists.zope.org/mailman/listinfo/zope-dev )