Re: [Zope-dev] RE: [Zope] ZDESIGN IDEAS = How to improve 'manage'?
[This thread should not be crossposted to both mailling lists. I'm following up to zope-dev, and will post a note to zope saying i did so. In general, please do *not* cross-post - it's almost never justified, certainly isn't in this case.] On Tue, 9 Jan 2001, Mohan Baro wrote: > My view is that as a sysadmin, I rather give ZOPE superuser/manager the > ability install products through ZOPE, rather than giving them access to the > OS. The point is that giving web-access visitors the ability to install products inherently gives them total OS/filesystem access, with the authority of the account that is running zope. As things stand, you can give out web access *without* this OS/FS exposure - you're talking about eliminating the discretion. > Another view I have is that I do not want my developers to think about which > platform they are working on. This convenience will be at the cost of risk. If you're willing to take the risk, products that give filesystem and command access will give that to you. (Is local filesystem access what LocalFS does?) Zope shouldn't _force_ you to be exposed to that risk, just because some people want the convenience. > ZOPE runs on a variety of OSes and each one of then have their own way of > providing file/directory security (or no security win9x). Zope should rely > on its own security for its products. ... overriding the discretion of the system administrators? Not proper. System administrators should have the choice - if they don't, they'll refuse to run zope in droves - and well they ought to refuse. Ken Manheimer [EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: [Zope] Re: [Zope-dev] Re: [Zope] ZDESIGN IDEAS = How to improve 'manage' ?
* Joachim Werner sez: Ok, let me try to understand this one. I am a bit dumb, sorry... > - You can work with full SSL-encryption, maybe even client certificates. >This is much more secure than TELNET or FTP. (Unfortunately, SSH/SCP, >while being the "better TELNET/FTP" is not always an option, and it >always opens up more than necessary) what exactly does SSH open uo 'more than necessary'. Sufficient clue on admin's side provided? > - People won't hack together their own solutions for the problem (with >LocalFS installed and me having the rights to add LocalFS instances, it >would take me not very long to "infiltrate" any Zope server. Just add the >"Extensions" folder via LocalFS and upload all you need as External >Methods ...) That requires a few things, if I am not mistaken... a) ZServer runs as anything but nobody/nogroup and is not jail(8)ed/chrooted. If that is the case, well, I'd personally shoot the admin responsible for that if something comes up. b) ${ZOPEROOT}/Extensions allows nobody to write into it - shoot admin. http://www.post1.com/home/ngps is a good way to start securing Zope, the problem of transmitting passwords in the clear is a big one, but has been solved at my domains by deploying SecurID-tokens, which might not be the ultiamte solution (lots of stuff I wanted to hide is still transmitted in the clear) but is a good start. jonas -- Jonas Luster -- http://smurftarget.net (while netwarriors.org is down) -- [EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: [Zope] ZDESIGN IDEAS = How to improve 'manage' ?
On Tuesday 09 January 2001 15:41, Martijn Pieters wrote: > On Mon, Jan 08, 2001 at 12:18:37PM -0500, Mohan Baro wrote: > > Are you planning a manage_install for products? > > The ability for superusers to install complelte products directly through > > the management interface, no need for ftp. > > similar to import/export feature > > I hope not! > > Anyone gaining management access to your Zope server will be > able to install arbitrary products on your server and gain access to the > file system. > > There is a strict dividing line between the file system and the ZMI, > allowing installation through the web interface will cross that line with > one giant step. I think this is a political one. For me, the things that are really valuable on a web site are the data and the user information, which both are available through the web interface. At least if Zope runs as a user and has its own home directory, the additional damage that can be caused by people with file system access is not very high. O.k., they can shut down my server. They can do that by using "manage_shutdown" from the web anyway. Same with deleting all data on the server. IMHO a well-designed "over-the-web" installation concept would make Zope MORE secure, not less e.g.: - You can work with full SSL-encryption, maybe even client certificates. This is much more secure than TELNET or FTP. (Unfortunately, SSH/SCP, while being the "better TELNET/FTP" is not always an option, and it always opens up more than necessary) - People won't hack together their own solutions for the problem (with LocalFS installed and me having the rights to add LocalFS instances, it would take me not very long to "infiltrate" any Zope server. Just add the "Extensions" folder via LocalFS and upload all you need as External Methods ...) Cheers, Joachim. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )