[Zope] Zope and security

Petru Paler ppetru@bv.ro
Mon, 23 Aug 1999 14:49:28 +0300


On Mon, Aug 23, 1999 at 11:53:59AM +0200, Arnaud Lecat wrote:

> I'd like to talk about security and Zope. How secure is Zope? If you have
> two interfaces on one server, can you configure Zope to display manage
> screens and public Web pages on two different NIC interfaces?

   The management interface is served from the same process as the main
pages, so you can't bind it to a different interface. But you could restrict
the access of the privileged users to the subnet of the second interface.

> Any known security bugs or exploits? My sysadmin is paranoid about
> security...

   There are no exploits AFAIK. And it would be *very* hard (if not
impossible) to create one, because:
1. Zope is written in Python, so buffer overflows are impossible
2. You are running Zope as an unprivileged user, aren't you?

> (he's the same who doesn't want to hear about Linux :) )

I'm-using-Linux-and-I'm-happy-about-that'ly yours, 
-Petru
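
The subnet restriction suggested in the reply above, sketched as an added example that is not part of the original message and is not Zope's own code. The subnet, the privileged role set and the function names are assumptions, and the addresses are constructed.

```python
import ipaddress

# Assumption: subnet reachable only through the second (internal) interface.
MGMT_NET = ipaddress.ip_network("192.168.2.0/24")
# Assumption: roles treated as privileged for this check.
PRIVILEGED_ROLES = {"Manager"}


def normalize_peer(peer_ip):
    """Parse the socket peer address; return None if it is not an IP address.

    Pass the address of the TCP connection itself, never a client-supplied
    header such as X-Forwarded-For, which the client can set to anything.
    """
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return None
    # A dual-stack listener reports IPv4 clients as ::ffff:a.b.c.d.
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr


def login_allowed(roles, peer_ip):
    """Unprivileged users may log in from anywhere; privileged users only
    from MGMT_NET. Anything that cannot be parsed fails closed."""
    if not PRIVILEGED_ROLES & set(roles):
        return True
    addr = normalize_peer(peer_ip)
    return addr is not None and addr in MGMT_NET


if __name__ == "__main__":
    # Constructed sample logins: (user, roles, peer address).
    samples = [
        ("admin", {"Manager"}, "192.168.2.17"),
        ("admin", {"Manager"}, "203.0.113.9"),
        ("admin", {"Manager"}, "192.168.20.17"),  # a string-prefix match would wrongly allow this
        ("admin", {"Manager"}, "::ffff:192.168.2.17"),
        ("guest", {"Anonymous"}, "203.0.113.9"),
    ]
    for user, roles, peer in samples:
        verdict = "allow" if login_allowed(roles, peer) else "deny"
        print(f"{verdict:5} {user:6} from {peer}")
```

Because the management screens and the public pages share one process and one listening socket, a check of this kind only holds if the peer address is the real client address; behind a reverse proxy every connection appears to come from the proxy.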