[Zope-dev] Re: [Zope] ZDESIGN IDEAS = How to improve 'manage' ?

2001-01-09 Thread Jonas Luster

* Joachim Werner sez:

> Again you are right, but as Zope is really easy to install, I'd guess that it
> is not only used (and installed) by "uberadmins" who know exactly what they
> are doing ...

Hmmm... coming to think about it. Zope comes with /Extensions as
drwxrwxr-x and UID='nobody' in z2.py. Unless the admin modifies the
standard setup, he's at least safe from people putting stuff into his
/Extensions.

You're right at a general level, tho. Hmm, wonder if I should write a
Zope-chroot-howto :)

Windoze-Zope-Users, on the other hand... well...

jonas

-- 
Jonas Luster -- http://smurftarget.net (while netwarriors.org is down) -- 
[EMAIL PROTECTED]

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )




[Zope-dev] Re: [Zope] Re: [Zope-dev] Re: [Zope] ZDESIGN IDEAS = How to improve 'manage' ?

2001-01-09 Thread Jonas Luster

* Joachim Werner sez:

Ok, let me try to understand this one. I am a bit dumb, sorry...

> - You can work with full SSL-encryption, maybe even client certificates.
> This is much more secure than TELNET or FTP. (Unfortunately, SSH/SCP,
> while being the "better TELNET/FTP" is not always an option, and it
> always opens up more than necessary)

What exactly does SSH open up 'more than necessary'? Sufficient clue on
admin's side provided?

> - People won't hack together their own solutions for the problem (with
> LocalFS installed and me having the rights to add LocalFS instances, it
> would take me not very long to "infiltrate" any Zope server. Just add the
> "Extensions" folder via LocalFS and upload all you need as External
> Methods ...)

That requires a few things, if I am not mistaken... 

a) ZServer runs as anything but nobody/nogroup and is not
   jail(8)ed/chrooted. If that is the case, well, I'd personally shoot
   the admin responsible for that if something comes up.

b) ${ZOPEROOT}/Extensions allows nobody to write into it - shoot admin.

http://www.post1.com/home/ngps is a good way to start securing Zope, the
problem of transmitting passwords in the clear is a big one, but has
been solved at my domains by deploying SecurID-tokens, which might not
be the ultimate solution (lots of stuff I wanted to hide is still
transmitted in the clear) but is a good start.

jonas

-- 
Jonas Luster -- http://smurftarget.net (while netwarriors.org is down) -- 
[EMAIL PROTECTED]
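Both messages above hinge on one filesystem check: whether the account ZServer runs as (the thread's example is nobody/nogroup) can write into ${ZOPEROOT}/Extensions, since anything dropped there is loadable as an External Method. The script below is an added example, not code from the thread or from Zope itself. It assumes the instance root and the service user and group are passed as arguments, and it only inspects the classic owner/group/other mode bits as shown by `ls -ld`; POSIX ACLs and supplementary group membership are not considered, so a clean verdict here is necessary but not sufficient.

```shell
#!/bin/sh
# Added example (not part of the thread or of Zope): audit whether the
# Extensions directory of a Zope instance is writable by the account
# ZServer runs as. Assumptions: ZOPEROOT, USER and GROUP are supplied by
# the caller (the thread's example is nobody/nogroup). Only the classic
# mode bits plus owner and group are examined; ACLs and supplementary
# groups are out of scope.

# dir_stat DIR -> prints "MODE OWNER GROUP" from a portable ls -ld line
dir_stat() {
    ls -ld "$1" | awk '{print $1, $3, $4}'
}

# ext_dir_writable_by DIR USER GROUP
# Exit 0 when the mode bits let USER (primary group GROUP) write into DIR,
# 1 when they do not, 2 when DIR cannot be inspected.
ext_dir_writable_by() {
    dir=$1; svc_user=$2; svc_group=$3
    info=$(dir_stat "$dir") || return 2
    [ -n "$info" ] || return 2
    set -- $info
    mode=$1; owner=$2; group=$3
    # Mode string looks like drwxrwxr-x: write bits sit at columns 3, 6 and 9.
    ow=$(printf '%s' "$mode" | cut -c3)
    gw=$(printf '%s' "$mode" | cut -c6)
    xw=$(printf '%s' "$mode" | cut -c9)
    # World-writable: anyone, including the service account, can write.
    [ "$xw" = "w" ] && return 0
    # Owned by the service user with the owner write bit set.
    [ "$owner" = "$svc_user" ] && [ "$ow" = "w" ] && return 0
    # Group-owned by the service group with the group write bit set
    # (this is the drwxrwxr-x case from the thread, if the group matches).
    [ "$group" = "$svc_group" ] && [ "$gw" = "w" ] && return 0
    return 1
}

# audit_extensions ZOPEROOT USER GROUP
# Prints a verdict for ZOPEROOT/Extensions; exit status as for
# ext_dir_writable_by (0 = writable, i.e. the condition to fix).
audit_extensions() {
    ext="$1/Extensions"
    if [ ! -d "$ext" ]; then
        echo "no Extensions directory under $1"
        return 2
    fi
    if ext_dir_writable_by "$ext" "$2" "$3"; then
        echo "WARN: $ext is writable by service account $2 ($3)"
        return 0
    fi
    echo "OK: $ext is not writable by service account $2 ($3)"
    return 1
}

# Usage (hypothetical paths/accounts):
#   audit_extensions /usr/local/zope nobody nogroup
```

Run it on the instance root with the user and group from z2.py (or from `ps -o user,group` on the running ZServer process); a WARN means the directory, not just the Zope permission system, needs fixing.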
