On Thursday, March 13, 2003, at 11:54 AM, Christian Tismer wrote:

Dear Zope community,

please excuse my ignorance, but I am asked
from time to time how secure or insecure
Zope actually is, and I always have to say
that I actually don't know.

From a sysadmin's point of view, it is roughly equivalent to Apache with CGI or PHP.

The major differences are:
        - Zope's authentication & authorization systems
          are implicit in everything you write. It is
          harder to write insecure code than in PHP
          or CGI.
        - Anyone with the ability to create dynamic content
          (dtml, python, zpt) can DoS your server.
        - You usually need to run Apache in front of
          Zope, which adds an additional attack point.

Stuart Bishop <[EMAIL PROTECTED]>

Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
