[EMAIL PROTECTED] wrote on 01/11/2007 12:07:37 PM: > Hi, > > I am writing a thesis about the security of Zope and have these > questions. I am wondering if this is the right place to ask. > > Is Zope behind Apache the only solution to provide SSL connection to Zope?
No, but it is the most common setup. Zope is believed to be very secure, but it has had, in no way, the amount of exposure, and thus battle-hardening that Apache has. Moreover using another web server in front of Zope has other benefits -- 1) Static content can usually be displayed faster using a system tuned for static content, rather than one tuned for dynamic content. 2) URL-rewriting makes it possible to transparently distribute site site content to multiple Zope versions or multiple machines. 3) In some circumstances, the front-end webserver can provide caching services, reducing the load on the Zope portion. > > If not what are the other options? Note: any SSL proxy can be used. Apache is just common, and does URL-rewriting. > Have there been any work on making Zope being able to handle SSL itself? It has been done in the past. I don't think that there is a current patch available. > If not, why it is hard to? Not particularly hard. You just don't get the other side-benefits. jim penny _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )