Adrian van den Dries wrote:
On March 13, Christian Tismer wrote:

please excuse my ignorance, but I am asked
from time to time how secure or insecure
Zope actually is, and I always have to say
that I actually don't know.

How secure is your wallet?

I won't tell you (since this is insecure:).

You will never answer this until you define what you mean by
"security", and what you are securing *against*.

This is quite a silly argument, IMHO. My simple question was alike "what kind of insecurity do I buy when I install Zope on my server". This question is asked from the POV of a system administrator. It is simple: Do I increase the possibility of somebody to obtain root rights, or do I not?

Zope is perfectly secure or some uses, and perfectly insecure for

Either it is secure for my server, in the sense I depicted above, or it is not. I don't see any relevance to any use, if I am using it on an exposed server in the internet. I think there should be one single answer, nothing else is relevant. ?

For example, for safe delegation of responsibility within a web
application, in a trusted environment, Zope is "secure".

Run in an intranet service? Run on the same machine? What is your definition of "secure", if there is any?

However, as a mission-critical service exposed to the internet, it is

Why is it wide open, and when is it wide open?

Thanks a lot, but this doesn't help me at all.

sorry - chris

Christian Tismer             :^)   <mailto:[EMAIL PROTECTED]>
Mission Impossible 5oftware  :     Have a break! Take a ride on Python's
Johannes-Niemeyer-Weg 9a     :    *Starship*
14109 Berlin                 :     PGP key ->
work +49 30 89 09 53 34  home +49 30 802 86 56  pager +49 173 24 18 776
PGP 0x57F3BF04       9064 F4E1 D754 C2FF 1619  305B C09C 5A3B 57F3 BF04
     whom do you want to sponsor today?

Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists - )

Reply via email to