[Zope] Important Security Concerns

M. Adam Kendall mak@kha0s.org
Tue, 12 Sep 2000 10:52:32 -0400 (EDT)


Since I do this type of thing for a living, I can tell
you the best answer is Option B.  If your company is that
security paranoid, a DMZ is always a better idea than
poking holes in end-to-end connections in the firewall.

On 12-Sep-2000 Coleman, Bryan wrote:
> I almost have my company convinced that Zope is the technology to use for
> our Intranet/Extranet. However they are very concerned with security. I
> have
> proposed two security schemes that I would like zope community feed back
> on
> for potential holes.
> 
> Option A: Poke a hole through our firewall on the primary http port or on
> port 8080 to allow Zope pages through and then require authentication on
> the
> first page.
> 
> Option B: Set up a DMZ off the firewall to allow the same as the above.
> 
> Any feed back would be welcome.

--
M. Adam Kendall         |       Got Linux?
Internetworking &       |         We do.
 Security Architect     |
akendall@devis.com      |  http://www.devis.com