[Zope] Can Zope 2.4.0 be run "naked" (without Apache/Squid/IIS)?

Toby Dickenson tdickenson@geminidataloggers.com
Wed, 10 Oct 2001 16:40:40 +0100


On Tue, 9 Oct 2001 11:17:26 -0500, abg@comco-inc.com wrote:

>On the "Zope Changes" page for Zope 2.4.0
>(http://www.zope.org/Products/Zope/2.4.0/CHANGES.txt), one of the changes
>mentioned is "Fixed handling of invalid HTTP requests."
>
>One of the main arguments (as I understood them) for running Zope behind
>Apache/Squid/IIS was that Zope was susceptible to denial of service attacks
>due to the way it handled HTTP requests. The Apache/Squid/IIS front-end was
>used to sanitize the HTTP request.

yes

>Does the change made with the release of 2.4.0 fix this problem?

not all of them

>If so, what
>other roadblocks are there to running Zope "naked"?

I personally wouldn't expose a "naked" ZServer to an untrusted network
without a major rewrite; it simply hasn't been designed for that job.


Toby Dickenson
tdickenson@geminidataloggers.com