[Zope] Important Security Concerns

Riku Voipio Riku.Voipio@tietoenator.com
Tue, 12 Sep 2000 17:59:00 +0300

On Tue, Sep 12, 2000 at 08:31:52AM -0400, Coleman, Bryan wrote:
> That would cause another whole set of problems, unless apache is inherity
> more secure than Medusa. I was really wondering what the risks are
> associated with those two options.

I think Zope behind apache is more secure than zope behind medusa, 
bacause of:

1. Finer grained control on access. 

One can add lines like the following:

RewriteCond %{REMOTE_ADDR} !^10\.0\.0\.(.*)
RewriteRule ^/Zope.*manage - [F]

Which would mean that only users from 10.0.0.* can 
access managment interfaces.

2. Wider usage of apache (a lot more security auditing) 

this is heavily IMHO.

> > > Option A: Poke a hole through our firewall on the primary http port or
> > on
> > > port 8080 to allow Zope pages through and then require authentication on
> > the
> > > first page.

> > > Option B: Set up a DMZ off the firewall to allow the same as the above.

I assume that you would firewall the DMZ as well. With a setup which 
allows maintainance to the ftp/ssh/whatever ports from your lan and 
only http traffic from elsewhere, this would be slightly more secure
than having the server on your lan. 

Is it worth depends on how much you trust on the potential users, and 
how much time you hcope with the extra maintainance load of the DMZ. 
Assuming you don't already have a DMZ...

If you have limited set of extranet users, you can tighten up by restricting 
access at firewall only from IP address ranges of your clients.

Riku Voipio
09-862 60764