[EMAIL PROTECTED] wrote on 01/11/2007 12:07:37 PM:

> Hi,
> 
> I am writing a thesis about the security of Zope and have these
> questions. I am wondering if this is the right place to ask.
> 
> Is Zope behind Apache the only solution to provide SSL connection to 
Zope?

No, but it is the most common setup.  Zope is believed to be very secure,
but it has had, in no way, the amount of exposure, and thus 
battle-hardening
that Apache has.

Moreover using another web server in front of Zope has other benefits --
  1)  Static content can usually be displayed faster using a system tuned
      for static content, rather than one tuned for dynamic content.
  2)  URL-rewriting makes it possible to transparently distribute site
      site content to multiple Zope versions or multiple machines.
  3)  In some circumstances, the front-end webserver can provide caching
      services, reducing the load on the Zope portion.

> 
> If not what are the other options?

Note:  any SSL proxy can be used.  Apache is just common, and does
URL-rewriting.

> Have there been any work on making Zope being able to handle SSL itself?

It has been done in the past.  I don't think that there is a current
patch available.

> If not, why it is hard to?

Not particularly hard.  You just don't get the other side-benefits.


jim penny


_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to