Since I do this type of thing for a living, I can tell
you the best answer is Option B.  If your company is that
security paranoid, a DMZ is always a better idea than
poking holes in end-to-end connections in the firewall.

On 12-Sep-2000 Coleman, Bryan wrote:
> I almost have my company convinced that Zope is the technology to use for
> our Intranet/Extranet. However they are very concerned with security. I
> have
> proposed two security schemes that I would like zope community feed back
> on
> for potential holes.
> Option A: Poke a hole through our firewall on the primary http port or on
> port 8080 to allow Zope pages through and then require authentication on
> the
> first page.
> Option B: Set up a DMZ off the firewall to allow the same as the above.
> Any feed back would be welcome.

M. Adam Kendall         |       Got Linux?
Internetworking &       |         We do.
 Security Architect     |

Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to