[Zope] Securing Zope and Special URLs

Dylan Reinhardt zope at dylanreinhardt.com
Thu Sep 11 01:42:18 EDT 2003


On Wed, 2003-09-10 at 16:46, Roy Rapoport wrote:
> Jamie Heilman wrote:
> [Zope Security is an oxymoron]
> > 3) Never use DTML.
> 
> Why?

Because DTML offends some Zope users' sense of aesthetics, that's why.

What... you need a reason besides that? :-)

IMO, DTML is a perfectly good templating language as long as that's all
you use it for.  It isn't ASP.  

When you use logic more complex than "if X, print Y" you should probably
be using Python.  For my money, TAL provides almost no major advantage
over DTML except that it breaks before you get into trouble using it for
too much logic.  For those of us who are grown ups and can be trusted to
use tools correctly, DTML is a perfectly valid choice.

As for Zope being unsecurable: well, in some sense, everything is.
That doesn't mean it's not worth doing what you can.

My top ten tips for securing Zope:
1. Run it behind Apache
2. SSL-secure your ZMI*
3. Disable all non-web Zope services (FTP, WebDAV)
4. Run different customers on different instances.
5. Block all ports besides 80 and whatever else is essential
6. Plan security carefully and enforce minimum privileges.
7. Examine default Folder permissions.
8. Audit your logs
9. Add Zope (!=/var/*) to your IDS scan.  You *are* running an IDS, yes?
10. Harden your server and enforce secure operating policies.

* It is difficult to exhaustively detect "management" methods with a
rewrite rule.  It is easy, however, to set up an SSL-secured vhost
called manage.domain.com.  This provides admins with an easy way of
knowing that they are using secure logins.  Disable unsecured access to
/manage just to make sure nobody forgets.

HTH,

Dylan
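The setup described in tips 1 and 2 and the footnote above (Apache in front of Zope, a separate SSL-secured management vhost, plain-HTTP /manage refused) as an added configuration example; this is not from the original post or from the Zope project. It assumes Apache 2 with mod_rewrite, mod_ssl and mod_proxy loaded, Zope listening on localhost:8080 with a VirtualHostMonster in its root folder, and placeholder names (example.com, manage.example.com) and certificate paths.

```apache
# Added example, not the poster's configuration.
# Assumptions: Zope on localhost:8080 with a VirtualHostMonster in the
# root folder; example.com / manage.example.com are placeholders; the
# certificate paths are placeholders.

# Public site over plain HTTP.
<VirtualHost *:80>
    ServerName www.example.com
    RewriteEngine On

    # Refuse the obvious management URLs over plain HTTP so nobody logs in
    # insecurely by habit. As the post notes, a rewrite rule cannot catch
    # every management method; the SSL vhost below is the real control.
    RewriteRule ^/manage - [F]
    RewriteRule manage_ - [F]

    # Everything else is handed to Zope through the VirtualHostMonster.
    RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/http/%{HTTP_HOST}:80/VirtualHostRoot/$1 [L,P]
</VirtualHost>

# Anyone who types the management hostname without https is sent to SSL.
<VirtualHost *:80>
    ServerName manage.example.com
    Redirect permanent / https://manage.example.com/
</VirtualHost>

# SSL-only management vhost: the ZMI is reachable only through this name.
<VirtualHost *:443>
    ServerName manage.example.com
    SSLEngine on
    # Placeholder certificate paths.
    SSLCertificateFile /etc/ssl/certs/manage.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/manage.example.com.key

    RewriteEngine On
    # Tell Zope the outside protocol and port so generated links stay https.
    RewriteRule ^/(.*) http://localhost:8080/VirtualHostBase/https/manage.example.com:443/VirtualHostRoot/$1 [L,P]
</VirtualHost>
```

Because the two vhosts reach the same Zope instance, an admin can bookmark https://manage.example.com/manage and be certain the session is encrypted, while the public hostname refuses /manage outright; the Apache access log for the SSL vhost then doubles as the audit trail for management logins (tip 8).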
