>>> Ragnar Beer wrote
> Howdy everyone!
> I will soon have a Zope-site ready to go online. How can I make shure 
> that I did everything (concerning Zope) to stop intruders? Where can 
> I find information about protecting a Zope-site? Has anyone had 
> security problems so far?

Easiest (most brutal?) fix I've found - hide Zope behind an Apache,
and prohibit access to any URLs of the form .*/manage.*

If you don't need to use basic auth to the Zope, then use a rewrite
rule to strip out any Authentication headers in the requests.


Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to