On Thursday 13 March 2003 9:25 am, Lennart Regebro wrote:

> 5. Protecting yourself against denial of service:
> Zope does not seem to crash if you send random data to it, and I have in
> logs seen attemps to overflow buffers and the like that obviously are
> attempt to crash or break in to other (MS) servers, without this
> affecting Zope at all.

There is evidence that this is not true.

> If you don't trust Zope in this, you can put
> Apache in front of it.

> In this sense Zope is again VERY secure.

Zope is insecure

Zope+Squid(or Apache or Pound)+OS resource limits+careful choice of products  
is secure

(Note that  I dont consider this a flaw in Zope.)
Toby Dickenson

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to