[Zope] Zope/Plone secure enough for the army?

Jamie Heilman jamie at audible.transient.net
Thu Apr 8 06:55:33 EDT 2004


Andre Meyer wrote:
> For a multi-national military project I have suggested using Plone as 
> CMS and collaboration platform. However, I need to convince people that 
> Zope/Plone is secure enough to prevent leaking of sensitive data.

Security always depends on how deeply you want to look.  At the end of
the day, any application will only be as secure as you can make it
given your understanding of the problem.  Very few people would be so
brash as to claim to understand *every* aspect of zope and its
security implications.  What matters is how well you understand what
it is you're trying to accomplish and how the tools at your disposal
work.  That said, can you define "sensitive data?"  Is a username
sensitive data?  Is a document a user uploads senstive data?  Is the
path the on the host system the software is running beneath sensitive
data?  To answer "is X secure enough" you have to be able to define
"enough."

> Is it possible to set up a publicly accessible Web server with Plone 
> that contains public as well as private data neatly separated depending 
> on login user and group? Even group members should not be able to see 
> data of other groups unless explicitly permitted to do so.

Sure.  Provided you understand what you're doing and limit the
privileges of your users accordingly.

> best pattern of use? Are there good examples of similar deployments 
> (NATO, NASA)? How do they deal with this?

The "best" (there's no such thing) pattern of use for secure
applications is probably that of 'least privilege'.  If you don't need
it, get rid of it.  If a user doesn't need to do something, make it so
they can't.  [Of course, I've seen people try to take this too far and
actually end up hurting system security; again, you have to know what
you're doing.]

-- 
Jamie Heilman                     http://audible.transient.net/~jamie/
"You came all this way, without saying squat, and now you're trying
 to tell me a '56 Chevy can beat a '47 Buick in a dead quarter mile?
 I liked you better when you weren't saying squat kid." -Buddy



More information about the Zope mailing list