Seeking Zope/Plone hosting and Systems Administration
Ken Malone
ken at malones.org
Wed Jun 16 16:28:34 PDT 2004
> That means that you can take the average Zope server serving content
at
> http://my.dom.ain and go to http://my.dom.ain/manage to get the
management
> interface.
We use a Zope access-rule script for loading Plone as the root page and
mapping the management path to a fire-wall protected high port. There
are also ways to configure IP authentication entirely within Zope. I
certainly agree with you about proxying since Apache has many security
and scalability advantages over Zope native webservice.
Ken
> You'll get prompted for a password, of course, but ... I don't
> like the fact you get that close. Worse, it's somewhat difficult to
deal
> with this because /manage is not the only 'management' URL -- most
actions
> in Zope are done through URLs (I wrote a Zope exporter/importer at my
last
> company that took advantage of this).
>
> Now, it may be that logging in through Zope's mechanisms is required
for
> you and so you're going to have to make it available to the world. If
it
> is not, however, I'd strongly urge you to proxy it behind Apache and
use
> ProxyMatch to make sure people don't access the management interface
(e.g.
> http://app.inorganic.org/manage).
>
> Thus ends AnswerMan's retort to your question.
>
> (There are other reasons I don't like Zope, but they're mostly
> development-based, rather than sysadmin-based)
>
> -roy
More information about the Baylisa
mailing list