I know not much about security because I don't have to worry about it, but
out of your talk, it seems that your company finds apache secure. Then why
don't you just run Zope behind Apache with a FASTCGI, or something else?

Sorry if I'm completely missing the point of your problem.

Regards, Tom.

At 08:31 12/09/2000 -0400, you wrote:
>That would cause another whole set of problems, unless apache is inherity
>more secure than Medusa. I was really wondering what the risks are
>associated with those two options.
>
>- Bryan Patrick Coleman
>  Questcon Technologies
>  (336)273-2428 ext-416
>  [EMAIL PROTECTED]
>
>> -----Original Message-----
>> From:        Phil Harris [SMTP:[EMAIL PROTECTED]]
>> Sent:        Tuesday, September 12, 2000 5:15 AM
>> To:  Coleman, Bryan; [EMAIL PROTECTED]
>> Subject:     Re: [Zope] Important Security Concerns
>> 
>> Another option might be to proxy the Zope server through Apache on port
>> 80.
>> 
>> 
>> ----- Original Message -----
>> From: "Coleman, Bryan" <[EMAIL PROTECTED]>
>> To: <[EMAIL PROTECTED]>
>> Sent: Tuesday, September 12, 2000 12:43 PM
>> Subject: [Zope] Important Security Concerns
>> 
>> 
>> > I almost have my company convinced that Zope is the technology to use
>> for
>> > our Intranet/Extranet. However they are very concerned with security. I
>> have
>> > proposed two security schemes that I would like zope community feed back
>> on
>> > for potential holes.
>> >
>> > Option A: Poke a hole through our firewall on the primary http port or
>> on
>> > port 8080 to allow Zope pages through and then require authentication on
>> the
>> > first page.
>> >
>> > Option B: Set up a DMZ off the firewall to allow the same as the above.
>> >
>> > Any feed back would be welcome.
>> >
>> > - Bryan Patrick Coleman
>> >   Questcon Technologies
>> >   (336)273-2428 ext-416
>> >   [EMAIL PROTECTED]
>> >
>> >
>> > _______________________________________________
>> > Zope maillist  -  [EMAIL PROTECTED]
>> > http://lists.zope.org/mailman/listinfo/zope
>> > **   No cross posts or HTML encoding!  **
>> > (Related lists -
>> >  http://lists.zope.org/mailman/listinfo/zope-announce
>> >  http://lists.zope.org/mailman/listinfo/zope-dev )
>
>_______________________________________________
>Zope maillist  -  [EMAIL PROTECTED]
>http://lists.zope.org/mailman/listinfo/zope
>**   No cross posts or HTML encoding!  **
>(Related lists - 
> http://lists.zope.org/mailman/listinfo/zope-announce
> http://lists.zope.org/mailman/listinfo/zope-dev )
>
>

_______________________________________________
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to