I almost have my company convinced that Zope is the technology to use for
our Intranet/Extranet. However they are very concerned with security. I have
proposed two security schemes that I would like zope community feed back on
for potential holes.
Option A: Poke a hole through our firewall on
Another option might be to proxy the Zope server through Apache on port 80.
- Original Message -
From: "Coleman, Bryan" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, September 12, 2000 12:43 PM
Subject: [Zope] Important Security Concerns
I almost have my company
-
From: Phil Harris [SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, September 12, 2000 5:15 AM
To: Coleman, Bryan; [EMAIL PROTECTED]
Subject: Re: [Zope] Important Security Concerns
Another option might be to proxy the Zope server through Apache on port
80.
- Original Message
PROTECTED]
-Original Message-
From:Phil Harris [SMTP:[EMAIL PROTECTED]]
Sent:Tuesday, September 12, 2000 5:15 AM
To: Coleman, Bryan; [EMAIL PROTECTED]
Subject: Re: [Zope] Important Security Concerns
Another option might be to proxy the Zope server through Apache
Since I do this type of thing for a living, I can tell
you the best answer is Option B. If your company is that
security paranoid, a DMZ is always a better idea than
poking holes in end-to-end connections in the firewall.
On 12-Sep-2000 Coleman, Bryan wrote:
I almost have my company convinced
On Tue, Sep 12, 2000 at 08:31:52AM -0400, Coleman, Bryan wrote:
That would cause another whole set of problems, unless apache is inherity
more secure than Medusa. I was really wondering what the risks are
associated with those two options.
I think Zope behind apache is more secure than zope
