[Zope] Urgent help needed: Zope falls over under moderate load

Toby Dickenson tdickenson@geminidataloggers.com
Wed, 21 Nov 2001 13:56:27 -0000


>> Zope's http implementation is *not* *robust* enough to be exposed to
>> the raw internet. It has a number of serious, and fairly obvious
>> denial-of-service vulnerabilities.

>Toby, are these vulnerabilities in the collector?  If not, and you've
>got the time, could you put them in there?

Some of them were in the old collector.

I don't think it would be humanly possible to list them all. It's more than a
few bugs which individually may be fixable... Zope's http layer simply wasn't
designed with this kind of robustness in mind, and it's only a small
exaggeration to say that *everything* is wrong.

Also, I'm not sure it's worth the effort. This isn't the only compelling reason
for using a front-end proxy. Using a proxy makes this problem a non-issue, so
why bother fixing it?