Security Basics mailing list archives
zope - plone security issues
From: Christos Gioran <himicos () freemail gr>
Date: Fri, 7 May 2004 00:06:37 +0300
Greetings list, we are currently considering switching our site from apache to the zope platform primarily for using the plone product. I have already googled for security issues on both packages and read through all Bugtraq posts that came after a search for zope or plone. It seems to me that the package is quite safe to use and their team does a good job keeping it that way. The thing I want to ask is whether anyone has used it and has good reason to recommend against it, for security reasons that is. Moreover, I intend to chroot it for that extra, paranoid touch. Is it really worth the efford? If you agree on this approach, is there any diferrence, security-wise, in compiling all programs in the chroot jail (all programs being zope, plone *and* python) statically or shared? If so, why? thanks in advance -- himicos --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- zope - plone security issues Christos Gioran (May 07)
- Re: zope - plone security issues Kelly Martin (May 07)
- Re: zope - plone security issues Christos Gioran (May 10)
- Re: zope - plone security issues Kelly Martin (May 07)