Re: [Zope] Zope on a shared host behind Apache?

[Sven Deichmann]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,

you may face several problems with shared hosts:

- - you may not have the privilege to configure apache to your needs (you
may be able to via .htaccess)

- - you may lack the privilege to compile/install software (including the
Zope instance. Remember that you need to compile parts of Zope!)

- - needed software could be unavailable to you (python)

If the provider uses security modules you may also not be able to open
ports.

Also remember that the zope instance will most probably run as your user
and will have the same privileges as you (its unlikely you will be able
to execute it as different user or create one...) including the ability
to wipe out the whole directory content.

Regards,
Sven

Marty McFly schrieb:
> Hello,
> 
> I've just tried to install zope on a shared host which is run by an Apache 
> server. I have seen on the net, that there are 3 possibilities to run Zope 
> together with Apache: rewrite_rules, ProxyPass and FastCGI. As far as I've 
> seen, all of these 3 modules are already installed on the server. However, I 
> think that you need to have root/superuser/...-privileges in order to use one 
> of these methods, right?
> 
> Unfortunately, I don't have any of those privileges... I only have 
> write-access to my personal home-directory. Do you have an idea what Icould 
> do instead?
> 
> Thanks, Martin
> 
> P.S.: I'm having problems with my mail-provider. I hope this won't be a 
> double-post again.
> 
> Schnell und einfach ohne Anschlusswechsel zur Lycos DSL Flatrate wechseln und 
> 3 Monate kostenlos ab effektiven 5,21 EUR pro Monat im ersten Jahr surfen.
> http://www.lycos.de/startseite/online/dsl/index.html?prod=DSL&trackingID=email_footertxt
> 
> 
> 
> 
> ___
> Zope maillist  -  Zope@zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )

- --
- ---
  Information nimmt Gestalt an... - 
- ---
Werkbank Multimedia GmbH * Bergstrasse 152 * 44791 Bochum * GER
Fon: +49(0)234/ 935386-03  * Fax: 935386-06 * [EMAIL PROTECTED]
- ---
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkP9bwoACgkQx3fK1szFYvlaAgCfeprj/+yvNyBt50AH1RNKf9G3
Gf4An3rADqhHGnnSei3r1SiQ1/nHjsAT
=qBNF
-END PGP SIGNATURE-
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] Zope 2.8.x and python security audit

[Sven Deichmann]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Well. But when will that be? And when will Plone be ported to Z3? And
when will Plone be certified? ;)

And after all: Is Z3 ready to use? :D

Sven

Andreas Jung schrieb:
> 
> 
> --On 27. Januar 2006 09:38:12 +0100 Sven Deichmann
> <[EMAIL PROTECTED]> wrote:
> 
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> Oh well... no news is not always good news. I could also mean that PHP
>> is much more popular and under more surveillance while python is only
>> good known to professional crackers...
>>
>> The problem is, that in this usecase we won't be able to use Zope if
>> there is no official, independent security certificate for it.
>>
>> Which could lead to such a certificate for Zope, but more likely to a
>> commercial CMS for which a certificate exists.
>>
>> We are talking about a pharmaceutical company that is bound to
>> international regulations regarding software systems in such companies.
>> Especially all Interface functions have to be tested with every possible
>> input.
>>
> 
> Then forget about Zope 2 and look at Z3. Zope 3 is currently on the way
> to be certified for the Common Criteria (hope this is the official
> name). You should look through the zope3-dev mailinglist archive for
> details.
> 
> -aj
> 

- --
- ---
  Information nimmt Gestalt an... - <http://www.werkbank.com>
- ---
Werkbank Multimedia GmbH * Bergstrasse 152 * 44791 Bochum * GER
Fon: +49(0)234/ 935386-03  * Fax: 935386-06 * [EMAIL PROTECTED]
- ---
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkPZ6WgACgkQx3fK1szFYvndFACfX6qA2zE9qcPaZzZMF5JtYVEj
rG8Ani08Ors7gdteo/lweTHEzTeFR0Eh
=Bi0i
-END PGP SIGNATURE-
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] Zope 2.8.x and python security audit

[Sven Deichmann]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Well, acutally secureness in this case has not really something to do
with protection against attackers. It's more secureness in the sense of
consistency and data security.
The system has to be determined in every way and every step must be
reversible and traceable.
That is possible with PHP based solutions. But PHP is not necessarily
what I meant ;)

Regards,
Sven

Tino Wildenhain schrieb:
> Sven Deichmann schrieb:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> Oh well... no news is not always good news. I could also mean that PHP
>> is much more popular and under more surveillance while python is only
>> good known to professional crackers...
>>
>> The problem is, that in this usecase we won't be able to use Zope if
>> there is no official, independent security certificate for it.
> 
> While I wonder who could prossibly proofe PHP or PHP based solutions
> secure in the meaning of secureness in Zope. ;)
> 
> Regards
> Tino
> 

- --
- ---
  Information nimmt Gestalt an... - <http://www.werkbank.com>
- ---
Werkbank Multimedia GmbH * Bergstrasse 152 * 44791 Bochum * GER
Fon: +49(0)234/ 935386-03  * Fax: 935386-06 * [EMAIL PROTECTED]
- ---
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkPZ59YACgkQx3fK1szFYvlj6ACfV2b+dKtKHZ1jI8RgXgbULSDs
d4AAn06hzp1IM/I+n6blAJW5sDa0ybEs
=t1El
-END PGP SIGNATURE-
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] Zope 2.8.x and python security audit

[Sven Deichmann]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Oh well... no news is not always good news. I could also mean that PHP
is much more popular and under more surveillance while python is only
good known to professional crackers...

The problem is, that in this usecase we won't be able to use Zope if
there is no official, independent security certificate for it.

Which could lead to such a certificate for Zope, but more likely to a
commercial CMS for which a certificate exists.

We are talking about a pharmaceutical company that is bound to
international regulations regarding software systems in such companies.
Especially all Interface functions have to be tested with every possible
input.


Regards,
Sven

Andreas Jung schrieb:
> 
> 
> --On 26. Januar 2006 10:13:35 +0100 Sven Deichmann
> <[EMAIL PROTECTED]> wrote:
> 
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> Hello!
>>
>> I read on the german zope user group homepage, that Zope 2.8.4 is not
>> supported on python 2.4.x, because of the missing security audit.
>> That is good to know, but... who did the security audit for python
>> 2.3.x? Where can I read about that? What was done?
> 
> There was never an official protocol..the audit was executed at Zope
> Corporation (ask Jim Fulton for details). There were also some glitches
> with
> RestrictedPython that had to be fixed when switching to
> new Python version.
> 
>> (Where is the
>> protocol?)
> 
>> That is a nice argument why one should prefer
>> plone/zope/python over typo3/php, but only if we can prove that...
>>
> 
> I doubt that such an information matters much to _promote_ Zope & Co.
> The weekly bugs in PHP are self-explanatory :-)
> 
> -aj
> 
> 

- --
- ---
  Information nimmt Gestalt an... - <http://www.werkbank.com>
- ---
Werkbank Multimedia GmbH * Bergstrasse 152 * 44791 Bochum * GER
Fon: +49(0)234/ 935386-03  * Fax: 935386-06 * [EMAIL PROTECTED]
- ---
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkPZ2/QACgkQx3fK1szFYvmRNQCdGWTryfKGn/NMPpM2PRxjUqAn
6nQAn2sRSrlBRGKOGmXlJup0Guow9F1t
=lyKL
-END PGP SIGNATURE-
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

[Zope] Zope 2.8.x and python security audit

[Sven Deichmann]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello!

I read on the german zope user group homepage, that Zope 2.8.4 is not
supported on python 2.4.x, because of the missing security audit.
That is good to know, but... who did the security audit for python
2.3.x? Where can I read about that? What was done? (Where is the protocol?)
That is a nice argument why one should prefer plone/zope/python over
typo3/php, but only if we can prove that...

Can someone point me to more information about that topic?

Regards,
Sven Deichmann

- --
- ---
  Information nimmt Gestalt an... - <http://www.werkbank.com>
- ---
Werkbank Multimedia GmbH * Bergstrasse 152 * 44791 Bochum * GER
Fon: +49(0)234/ 935386-03  * Fax: 935386-06 * [EMAIL PROTECTED]
- ---
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkPYkr4ACgkQx3fK1szFYvn3TgCeLyI9ijZuj6lwG8Ijb8oxNgQ0
ce0Ani802ynidbjqe0IZN8CFQi/yUgP2
=XUY6
-END PGP SIGNATURE-
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )