[Zope] installation security best practice question

Jens Vagelpohl jens at dataflake.org
Tue Mar 14 10:24:32 EST 2006


On 14 Mar 2006, at 15:13, Luca Olivetti wrote:
>> Unless you install software that lets users write to the file  
>> system through the web people cannot get to the filesystem.
>
> I usually install zope as root to /usr/local, then setup (or  
> actually use the already set up) instances for two different users,  
> one for production and the other for testing, so I don't want to  
> install as the same user, since I don't want to duplicate the zope  
> installation, only the instance, and that should be possible (in  
> fact it has been until now) without compromising security.

My point was that the "security" you speak of is illusory. You don't  
win anything.

jens




More information about the Zope mailing list