On Thursday, March 13, 2003, at 11:54 AM, Christian Tismer wrote:
Dear Zope community,
please excuse my ignorance, but I am asked from time to time how secure or insecure Zope actually is, and I always have to say that I actually don't know.
From a sysadmin's point of view, it is roughly equivalent to Apache with CGI or PHP.
The major differences are:
- Zope's authentication & authorization systems are implicit in everything you write. It is harder to write insecure code than in PHP or CGI.
- Anyone with ability to create dynamic content (dtml, python, zpt) can DOS your server.
- You usually need to run Apache in front of Zope, which adds an additional attack point.
-- Stuart Bishop <[EMAIL PROTECTED]> http://shangri-la.dropbear.id.au/