[Zope] scary security questions

Paul Abrams paul@hiringtools.com
Thu, 11 May 2000 14:55:31 -0700 (PDT)


We are putting our site up and have some questions about
Zope security relating to one of Zope's biggest
benefits...remote administration. If some kid obtained
access to the manage screens he could...well you know :(

1) What prevents someone from getting into the manage
screens by cracking the admin username:password? Are failed
login attempts logged anywhere? If not, is there any way to
log them short of hacking the Zope Python code?

2) Is there any way to turn off the manage screens, or set
them so that they can only be run locally?

5 er...3) Is there any way to run the manage screens on a
different port than the rest of Zope? (i.e. not port 80)
This would allow us to open/close that port in our firewall
whenever we needed to access the manage screens remotely,
or run it over a VPN.

What are other people doing to protect themselves?

Thanks in advance,
-Paul
