[Zope] Zope Best Possible Installation
Fri, 13 Jun 2003 14:11:43 -0700
Robert Segall wrote:
> > On Fri, Jun 13, 2003 at 01:15:13AM -0700, Jamie Heilman wrote:
> > > Zope requires a proxy server which can place limits request length for
> > > secure operation. If pound doesn't provide them, then pound is not
> > > suitable where secure operation is required.
> To set everybody's mind to rest: Pound does set a limit (albeit large - by
> default almost 16K) on the size of a request. In addition only "correctly
> formed" requests (as per RFC) are passed to the back-end servers.
> In practice this means that Pound routinely rejects (for example) Nimda-style
> requests - see the log files for "Bad request" messages.
> Clarification: "request size" means the size of the request _string_, not the
> total size of an HTTP request. There is no limit on the total size of the
> _data_ (in a POST request, for example) that a client can send to a server.
No, no, request size means the whole request, I'm the one who used
that term, and that's what I meant. Request header length limits are
all well and good, and as of 2.6 Zope even has some of its own:
http://collector.zope.org/Zope/606 Nevertheless header limits are not
sufficient by themselves, body length limits are requisite for
reliable operation. ZServer will read an entire POST request into
memory, so without a protective proxy it is trivial for a client to
run the Zope process into the rlimit or worse. If Pound does not
provide this protection then Pound is not suitable where secure (read
as: reliable) operation is required.
Jamie Heilman http://audible.transient.net/~jamie/
"Most people wouldn't know music if it came up and bit them on the ass."
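As an added illustration of the gate Jamie is asking the front-end proxy to provide (this is constructed example code, not Pound's or ZServer's own implementation), the function below reads an HTTP/1.x request from a stream, caps the header block, validates the request line, and decides from the declared Content-Length whether to forward the body at all before reading a single body byte. Chunked bodies, which carry no up-front length, are counted while streaming and cut off at the same cap, so the back end never sees more than `max_body_bytes`. The limits, hostnames and sample requests are all made up for the example; the return codes are a convention of this snippet, not of any real proxy.

```python
"""Request-size gate for a front-end proxy (constructed example, not Pound/Zope code)."""
import io
import re

MAX_HEADER_BYTES = 16 * 1024       # assumed cap on the whole header block
MAX_BODY_BYTES = 1024 * 1024       # assumed cap on the body the back end may receive

# Only absolute paths, "*", or absolute URIs are accepted as request targets.
REQUEST_LINE = re.compile(rb"^([A-Z]+) (/\S*|\*|https?://\S+) HTTP/1\.[01]$")


def _stream_chunked(stream, max_body_bytes):
    """Count a chunked body while streaming it; stop as soon as the cap is exceeded."""
    forwarded = 0
    while True:
        size_line = stream.readline(64)
        try:
            size = int(size_line.split(b";")[0].strip(), 16)
        except ValueError:
            return (400, "malformed chunk size", forwarded)
        if size == 0:
            return (200, "forwarded", forwarded)          # last-chunk marker
        if forwarded + size > max_body_bytes:
            return (413, "chunked body exceeds limit", forwarded)
        data = stream.read(size + 2)                       # chunk data plus trailing CRLF
        if len(data) != size + 2:
            return (400, "truncated chunk", forwarded)
        forwarded += size


def gate_request(stream, max_header_bytes=MAX_HEADER_BYTES, max_body_bytes=MAX_BODY_BYTES):
    """Read one request from a binary stream and return (status, reason, body_bytes_forwarded).

    200 means the request may be passed to the back end; anything else is rejected
    at the proxy without the back end buffering a byte of the body.
    """
    # --- header block: read line by line, aborting as soon as the cap is exceeded ---
    header = b""
    while True:
        line = stream.readline(max_header_bytes + 1)
        if not line:
            return (400, "incomplete header", 0)
        header += line
        if len(header) > max_header_bytes:
            return (431, "header block too large", 0)
        if line in (b"\r\n", b"\n"):
            break                                          # blank line ends the header

    lines = header.splitlines()
    if not REQUEST_LINE.match(lines[0]):
        return (400, "malformed request line", 0)
    headers = {}
    for raw in lines[1:]:
        if not raw:
            continue
        if b":" not in raw:
            return (400, "malformed header field", 0)
        name, _, value = raw.partition(b":")
        headers[name.strip().lower()] = value.strip()

    # --- body: decide from the declared length BEFORE reading any body bytes ---
    if b"transfer-encoding" in headers:
        return _stream_chunked(stream, max_body_bytes)
    declared = headers.get(b"content-length", b"0")
    if not declared.isdigit():
        return (400, "bad content-length", 0)
    length = int(declared)
    if length > max_body_bytes:
        return (413, "declared body exceeds limit", 0)

    # Forward in bounded pieces rather than reading the whole body into memory.
    forwarded = 0
    while forwarded < length:
        piece = stream.read(min(65536, length - forwarded))
        if not piece:
            return (400, "body shorter than content-length", forwarded)
        forwarded += len(piece)
    return (200, "forwarded", forwarded)


if __name__ == "__main__":
    # Constructed sample: a small POST that should pass, and an oversized declaration that should not.
    small = io.BytesIO(b"POST /manage HTTP/1.0\r\nHost: zope.example\r\nContent-Length: 5\r\n\r\nhello")
    print(gate_request(small))
    huge = io.BytesIO(b"POST / HTTP/1.1\r\nHost: zope.example\r\nContent-Length: 999999999\r\n\r\n")
    print(gate_request(huge))
```

The point of the ordering is the one Jamie makes: the proxy decides on the declared length first, so a client that announces a body far larger than the cap is refused without the proxy or ZServer ever allocating for it, and a chunked client is cut off at the cap instead of being allowed to grow the buffer indefinitely.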