Security with Plone and Zope

Status: I will not finish this page; see Update below.

Pagecode: T->1 A->SAml H->trsa[t,a,si]d[t,a,si] C->SA[ccceji]

Last changed: Monday 2010-03-01 [12:22 UTC]

Abstract:

This page is about security with focus towards Plone -- a world-class CMS (Content Management System). The page does not focus so much on particular subjects but rather covers the whole software solution stack starting at the Python interpreter, then Zope atop and finally Plone, which runs on top of Zope. The subjects on this page will be pretty much random order with some pragmatically chosen hot spots on how to create a highly-secure, Plone based, IT (Information Technology) service for highly critical environments e.g. finance, government, military, critical infrastructure like power plants etc. In order to get a highly secure Plone, we need to take certain different points of view -- the programmers point of view, the site-administrators point of view, the users point of view, the point of view from the person responsible for anything below the Python interpreter e.g. OS (Operating System). Last but not least, even the hosting location and physical protection of the hardware hosting a Plone instance is absolutely crucial even if this page will not cover subjects below the Python interpreter since there are other pages on this website which cover these issues.

Table of Contents

Update: I now (May 2009) stopped working with/on Plone in favor of Dolmen simply because working with Plone is no fun anymore. Plone has become way to fat and confusing to work with over the years — I need something that works with me, not against me.