On 14 Mar 2006, at 15:13, Luca Olivetti wrote:
Unless you install software that lets users write to the file system through the web people cannot get to the filesystem.

I usually install zope as root to /usr/local, then setup (or actually use the already set up) instances for two different users, one for production and the other for testing, so I don't want to install as the same user, since I don't want to duplicate the zope installation, only the instance, and that should be possible (in fact it has been until now) without compromising security.

My point was that the "security" you speak of is illusory. You don't win anything.


Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to