[Zope] Major security flaw in Zope 2.3.2

Toby Dickenson tdickenson@geminidataloggers.com
Thu, 07 Jun 2001 11:37:57 +0100


On Wed, 6 Jun 2001 22:03:57 +0200, Ragnar Beer
<rbeer@uni-goettingen.de> wrote:

>>Apache -> Squid -> Zope

>I never thought of having Squid between Apache and Zope
>but it sounds very interesting. What's the advantage over
>mod_proxy?

Squid's caching implementation seems to be more sophisticated; both in
terms of its handling of the HTTP caching headers, and the number of
things to tweak in squid.conf. If caching is crucial to your site then
I think Squid has a higher hit-rate ceiling, if you are willing to
invest some time in handling HTTP caching headers in your Zope
application.

However, I never really because proficient with mod_proxy's caching.
It was difficult to understand why certain requests were cached, and
others not, and difficult to obtain performance measures direct from
the cache. In contrast Squid can write detailed logs, and provides
alot of detailed information through a web-based management interface.
Squid makes the whole system more debuggable.


Another reasonable question is why I use both Squid and Apache, rather
than just Squid...... I find Apache good for virtual hosting, and
using mod_rewrite to glue various back-end resources into a single URL
namespace.

Toby Dickenson
tdickenson@geminidataloggers.com