[Zope] - ANN: CodeIt does Zope hosting

[Bruce Perens]

You forgot "Zope doesn't run under a privileged user ID".

It sounds to me as if it would be simple enough, given the way PCGI-wrapper
works, to run Zope in a chroot jail. Apache belongs in there, too. This does
not close _all_ holes, though.

	Thanks

	Bruce

From: Paul Everitt <Paul@digicool.com>
> In general, when talking about the through-the-web part of Zope:
> 
> o The access control machinery tries to cover nearly everything
> 
> o Jim Fulton went to great lengths to make DTML and expr's "safe",
> though more work can be done.
> 
> o Hallelujah, you _don't_ deal with files on the filesystem! :^)
> 
> o All user information and security information is internal to Zope and
> not mixed in with /etc/passwd or group, file system permissions, etc.
> 
> o Users only exist in their part of the Folder system, thus can't take
> control of someone else's area
> 
> ..plus more I probably haven't thought of.
 
--
The $70 Billion US "budget surplus" hardly offsets our $5 Trillion national
debt. The debt increased by $133 Billion in the same year we found a
"surplus". More debt is predicted for 1999. See www.concordcoalition.org .
Bruce Perens K6BP bruce@pixar.com 510-620-3502 NCI-1001