[Zope] www.oswg.org runs Zope?
J. Atwood
jatwood@bwanazulia.com
Wed, 19 Apr 2000 07:53:00 -0400
At 7:34 AM -0400 4/19/2000, srl wrote:
>Now, the fact that we can add /manage to any URL to edit the data seems
>like a potential security hole. All it would take to crack a Zope password
>would be running a password guesser with user 'superuser'. Or am I missing
>something here?
To some degree, yes. But no more than leaving the telnet or FTP port
open on a machine. If someone knows the username and password, they
will get in. Since the superuser password is randomly generated (and
it's a pretty tough one) on each install, as long as you don't change it
to something wickedly stupid it should be fine.
J