[Zope] zope for webhosting

Chris McDonough chrism@digicool.com
Thu, 17 Feb 2000 23:23:56 -0500


Errr... Zope's big but it's not magical :-)  It can't subvert standard
UNIX security.  You can be assured that it will run under whatever UID
you tell it to run under (except root).  So I'm not sure I understand
the guy's concern.  I imagine it's just too much trouble for him to dig
deeply into.  In case you haven't noticed yet, most people don't like to
take the time to learn new things.  :-)  I would suggest finding a
Zope-friendly ISP instead of wrestling with this one.

"darcy w. christ" wrote:
> 
> i'm trying to convince my webhosting service that zope is a good thing.
> The guy there has some concern.  Could anyone help me to convince him,
> or are his concerns valid?  Is anyone using zope in this kind of
> multiuser environment?
> 
> > The main issue is security -- we have to be able to run each user-supplied
> > program with the UID of the user who owns it.  If all user-supplied
> > applications run with the same UID (the UID of a server, or of some
> > pseudo-user), that would be a problem which would most probably prevent us
> > from being able to implement this safely in a multi-user environment.  We
> > run all CGIs with user UIDs, but zope's architecture may circumvent that,
> > even when run as a CGI, judging from what I've read so far.
> >
> --
> ~/darcy w. christ
> 416.463.8385
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )

-- 
Chris McDonough
Digital Creations, Inc.
Zope - http://www.zope.org