Re: [Zope] medusa question

[Gary Shears]

  have regular old html
  files that I'd like to make available without fiddling with Zope. Is that
  possible?
 
 Not out of the box. ZServer, which is based on Medusa, doesn't support serving
 of HTML files from the local file system, it noly serves content out of Zope
 itself.
 
Slightly off topic, but related. Does this mean that the everything on local
file system is protected natively in zope. Short of things like buffer
overflows. What I mean is, can I somehow muck up security in Zope and
compromise my local system, or will only zope objects be affected?
 I'm an absolute newbie to zope, and still trying to get a handle on the
architecture.

Thanks,

gary

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )

[Zope] Uh, I think I goofed (running as root)

[Gary Shears]

 
 Also keep in mind that Zope does not run as "root", so if you are
 running on a Unix-like system such as Linux, even if Zope were fully
 compromised an intruder would still have to find a security hole in
 something else before it's possible to write to arbitrary files.

I just checked the perms on zope, and it's owned by root. Started it, looked at
the processes owned by root (ps -u root) and 'python' shows up, with the same
PID as Z2.pid. Is there an easy way to fix this? 
Thanks in advance.
--gary

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )