[Zope] Zope Security

Andy McKay andym@ActiveState.com
Tue, 15 May 2001 07:46:59 -0700


There do appear to be a large number of hotfixes but you could examine what
they are actually for since most are extremely obscure and dont actually
present much of a risk. I rarely bother with most hotfixes, just move up to
the next Zope as it comes out.

Zope is very secure, the only obvious problem is, as you say, passwords are
not encrypted.
--
  Andy McKay

----- Original Message -----
From: "Alastair Burt" <burt@dfki.de>
To: <zope@zope.org>
Sent: Tuesday, May 15, 2001 7:15 AM
Subject: [Zope] Zope Security


> I am getting aggravation from our sysadmin, who is reluctant to poke holes
> in our new firewall for my Zope ports.  He claims he knows of no software
> in the last few years that has so many security holes.  Is there anything
> to justify this claim?  I know there are an alarmingly large number of
Zope
> hotfixes on the security mailing lists and that login passwords get sent
in
> the clear, when not using ssl.  On the other hand, I know of no attempt to
> hack a Zope site.
>
> --- Alastair
>
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>