On March 13, Christian Tismer wrote:
please excuse my ignorance, but I am asked from time to time how secure or insecure Zope actually is, and I always have to say that I actually don't know.
How secure is your wallet?
I won't tell you (since this is insecure:).
You will never answer this until you define what you mean by "security", and what you are securing *against*.
This is quite a silly argument, IMHO. My simple question was like "what kind of insecurity do I buy when I install Zope on my server". This question is asked from the POV of a system administrator. It is simple: Do I increase the possibility of somebody to obtain root rights, or do I not?
Zope is perfectly secure for some uses, and perfectly insecure for others.
Either it is secure for my server, in the sense I depicted above, or it is not. I don't see any relevance to any use, if I am using it on an exposed server in the internet. I think there should be one single answer, nothing else is relevant. ?
For example, for safe delegation of responsibility within a web application, in a trusted environment, Zope is "secure".
Run in an intranet service? Run on the same machine? What is your definition of "secure", if there is any?
However, as a mission-critical service exposed to the internet, it is wide-open.
Why is it wide open, and when is it wide open?
Thanks a lot, but this doesn't help me at all.
sorry - chris
--
Christian Tismer             :^)   <mailto:[EMAIL PROTECTED]>
Mission Impossible 5oftware  :     Have a break! Take a ride on Python's
Johannes-Niemeyer-Weg 9a     :     *Starship* http://starship.python.net/
14109 Berlin                 :     PGP key -> http://wwwkeys.pgp.net/
work +49 30 89 09 53 34  home +49 30 802 86 56  pager +49 173 24 18 776
PGP 0x57F3BF04       9064 F4E1 D754 C2FF  1619 305B C09C 5A3B 57F3 BF04
     whom do you want to sponsor today?   http://www.stackless.com/
Zope-Dev maillist - [EMAIL PROTECTED]