Re: [Zope3-dev] Certification: Twisted versus Zope / native HTTPS or Apache
Hi, Am Mittwoch, den 14.12.2005, 13:03 +0100 schrieb Christian Theune: > Ok. So in favor of the mainstream (and trusted!) configuration, I'll go > for using the standard Twisted/HTTP server in combination with a local > Apache that provides SSL to the web browser. Actually that also means that I only will mention Apache as an additional add-on, because we do not want to certify the Apache setup itself. It will look like this: - Zope is only certified on using the HTTP server - You are required to use an encryption proxy in front of it, to ensure a trusted path to the user. - A famous proxy is Apache with a certain standard configuration. We can even show how the configuration will look like with Apache, but that very likely won't be certified as a secure Apache setup is totally out of our scope. Christian -- gocept gmbh & co. kg - schalaunische str. 6 - 06366 koethen - germany www.gocept.com - [EMAIL PROTECTED] - phone +49 3496 30 99 112 - fax +49 3496 30 99 118 - zope and plone consulting and development signature.asc Description: This is a digitally signed message part ___ Zope3-dev mailing list Zope3-dev@zope.org Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com
Re: [Zope3-dev] Certification: Twisted versus Zope / native HTTPS or Apache
Hi, Am Mittwoch, den 14.12.2005, 06:39 -0500 schrieb Rob Page: > On Dec 14, 2005, at 6:28 AM, Martijn Faassen wrote: > > So, I think Apache has its place in front of Twisted, > > just like Apache now has its place in front of > > ZServer. > > +1. IIUC, the C2 certification is > configuration-dependent suggesting we work to get the > most mainstream/popular config certified. Ok. So in favor of the mainstream (and trusted!) configuration, I'll go for using the standard Twisted/HTTP server in combination with a local Apache that provides SSL to the web browser. Fine with that. -- gocept gmbh & co. kg - schalaunische str. 6 - 06366 koethen - germany www.gocept.com - [EMAIL PROTECTED] - phone +49 3496 30 99 112 - fax +49 3496 30 99 118 - zope and plone consulting and development signature.asc Description: This is a digitally signed message part ___ Zope3-dev mailing list Zope3-dev@zope.org Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com
Re: [Zope3-dev] Certification: Twisted versus Zope / native HTTPS or Apache
On Dec 14, 2005, at 6:28 AM, Martijn Faassen wrote: Christian Theune wrote: > > How do you feel about the use of the HTTPS server > > of twisted instead of requiring the user to channel > > it through an external HTTPS server, e.g. apache? [...] > So, I think Apache has its place in front of Twisted, > just like Apache now has its place in front of > ZServer. +1. IIUC, the C2 certification is configuration-dependent suggesting we work to get the most mainstream/popular config certified. -- Rob Page V: 540 361 1710 Zope Corporation F: 703 995 0412 ___ Zope3-dev mailing list Zope3-dev@zope.org Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com
Re: [Zope3-dev] Certification: Twisted versus Zope / native HTTPS or Apache
Christian Theune wrote: giving recommendations about security, we advice everyone to put their communication on protected lines. E.g. use HTTPS. As we are targetting Zope 3.3, I think twisted can be the recommended configuration option for Zope to run with. Agreed. How do you feel about the use of the HTTPS server of twisted instead of requiring the user to channel it through an external HTTPS server, e.g. apache? I wonder how Apache front-ends would work with a HTTPS backend; would that give rise to new issues in configuring Apache and Zope together? There's little experience in this domain, I expect. We'll have to see how things settle, but configuring Apache is familiar to many people and is knowledge that applies far and wide outside Zope, so I expect Apache frontends, also for HTTPS, will continue to be very important in Zope deployments in the forseeable future. Possibly off on a tangent: Twisted gets us out of the server business, but I don't want us to get into a situation where we're saying: "Don't use this well-known Apache stuff that half the web is using! Use Twisted, something you never heard of before! Trust us, it's better!". Since we're not in the server business, we don't want to have to convince people that our server is better or whatever, or even make it very visible that it exists (ZServer isn't very visible to the outside as something Zope does, and I like it just fine that way). We use Twisted as it does the job, not because we're advocates that want to convince people to use it. So, I think Apache has its place in front of Twisted, just like Apache now has its place in front of ZServer. Regards, Martijn ___ Zope3-dev mailing list Zope3-dev@zope.org Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com