Since I do this type of thing for a living, I can tell
you the best answer is Option B.  If your company is that
security paranoid, a DMZ is always a better idea than
poking holes in end-to-end connections in the firewall.

On 12-Sep-2000 Coleman, Bryan wrote:
> I almost have my company convinced that Zope is the technology to use for
> our Intranet/Extranet. However they are very concerned with security. I
> have
> proposed two security schemes that I would like zope community feed back
> on
> for potential holes.
> 
> Option A: Poke a hole through our firewall on the primary http port or on
> port 8080 to allow Zope pages through and then require authentication on
> the
> first page.
> 
> Option B: Set up a DMZ off the firewall to allow the same as the above.
> 
> Any feed back would be welcome.

--
M. Adam Kendall         |       Got Linux?
Internetworking &       |         We do.
 Security Architect     |
[EMAIL PROTECTED]      |  http://www.devis.com


_______________________________________________
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to