[Zope] Secure Database Access

oliver.erlewein@sqs.de oliver.erlewein@sqs.de
Tue, 30 Apr 2002 09:26:59 +0200 (MET DST)


Hi Ing.

Well for one thing don't open the HTTP Port use only HTTPS!!! Lock FTP and WebDAV access within Zope. Use the longest SSL-Cert you can find! If it's really crytical the you can also use x509 certs-per-user. For more details on that check up on M2Crypto.

With the Domains option in Zope (acl_users) you can do things like write access only from IP Range 192.168.xxx.xxx and readonly from all external access. But beware when using Apache with Proxypass. Then you need the additional Packet Proxy_Via because the IP Adresses don't get routed through.

Regards Oliver Erlewein