[Zope] SSL and Apache
JPenny at ykksnap-america.com
JPenny at ykksnap-america.com
Thu Jan 11 12:25:26 EST 2007
zope-bounces at zope.org wrote on 01/11/2007 12:07:37 PM:
> Hi,
>
> I am writing a thesis about the security of Zope and have these
> questions. I am wondering if this is the right place to ask.
>
> Is Zope behind Apache the only solution to provide SSL connection to
Zope?
No, but it is the most common setup. Zope is believed to be very secure,
but it has had, in no way, the amount of exposure, and thus
battle-hardening
that Apache has.
Moreover using another web server in front of Zope has other benefits --
1) Static content can usually be displayed faster using a system tuned
for static content, rather than one tuned for dynamic content.
2) URL-rewriting makes it possible to transparently distribute site
site content to multiple Zope versions or multiple machines.
3) In some circumstances, the front-end webserver can provide caching
services, reducing the load on the Zope portion.
>
> If not what are the other options?
Note: any SSL proxy can be used. Apache is just common, and does
URL-rewriting.
> Have there been any work on making Zope being able to handle SSL itself?
It has been done in the past. I don't think that there is a current
patch available.
> If not, why it is hard to?
Not particularly hard. You just don't get the other side-benefits.
jim penny
More information about the Zope
mailing list