Rossen Raykov writes:
> >
> > * the immediate correspondence between the request and the
> > response containing essential information to analyse the problem
>
> It's application problem and the application have to handle it.
> Log all the request/responses on the server or the clie
On Sat, 6 Apr 2002, Rossen Raykov wrote:
> > BUT: The developer has access to the system, and the dump doesn't have to
> be
> > included in the HTML output. Maybe error dumps could be sent to a disk-log
> > of some sort?
> >
>
> Exactly that's my point.
> Log it with as many details as you can!
>
> > Shall the dump help the regular surfer? I doubt so.
> >
> > Shall it benefit the developer or the tester? Most probably not since
they
> > are not performing their activities on the production site.
>
> Oh, they most definitely help the developer or tester, because errors do
> appear on produc
From: "Rossen Raykov" <[EMAIL PROTECTED]>
> Shall the dump help the regular surfer? I doubt so.
>
> Shall it benefit the developer or the tester? Most probably not since they
> are not performing their activities on the production site.
Oh, they most definitely help the developer or tester, becau
>
> * the immediate correspondence between the request and the
> response containing essential information to analyse the problem
It's application problem and the application have to handle it.
Log all the request/responses on the server or the client side.
>
> * newbies
They have no
Rossen Raykov writes:
> ...
> 1. the server log
> 2. the output to the client.
> ...
> In the second case it is better if Zope is returning just the error or the
> response.
> In the XML-RPC case the error have to be a valid XML-RPC response, not a
> stack trace.
Thus, this may mean an exc
" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Thursday, April 04, 2002 2:55 PM
Subject: Re: [Zope-dev] Re: [Zope] isecure XML-RPC handling.
> Shane Hathaway writes:
> > If you can, please check out the latest Zope from CVS. Tracebacks no
> > longer appear by d
Shane Hathaway writes:
> If you can, please check out the latest Zope from CVS. Tracebacks no
> longer appear by default, and even when they do, they do not show any
> filesystem paths. (If you already have a checkout, make sure you use
> "cvs up -dP" to get the new product.)
I am very in
Rossen Raykov wrote:
> My point was that Zope is revealing internal information that is believed to
> be private and invisible for the Internet users.
> It happens in its default (debug) installation and even after -D option is
> removed from the startup script.
Rossen and others interested in tr
- Original Message -
From: "Brian Lloyd" <[EMAIL PROTECTED]>
To: "R. David Murray" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: "Rossen Raykov" <[EMAIL PROTECTED]>
Sent: Wednesday, April 03, 2002 12:20 PM
Subject: RE: [Zope-dev] Re:
> I think most people missed the point here. I don't think Rossen
> is asking for help on running zope or getting xml-rpc to work with
> it. He's observed a "security" problem: he believes the fact that
> a traceback including path names is included in the error response
> is a security exposure
On Tue, 2 Apr 2002, Eron Lloyd wrote:
> The problem here seems to be that you are trying to do XML-RPC communication
> with a version of Zope that doesn't support XML-RPC out of the box. You
I think most people missed the point here. I don't think Rossen
is asking for help on running zope or get
On Tue, Apr 02, 2002 at 04:01:41PM -0500, Eron Lloyd wrote:
> On that thought, I'd like to see Zope.org become much more modern, and
> reflect the *latest* and *greatest* functionality of Zope. Deprecation of the
> hybrid PTK that's used, as well as updating and polishing of the site
> regularl
The problem here seems to be that you are trying to do XML-RPC communication
with a version of Zope that doesn't support XML-RPC out of the box. You
should use a version >= 2.4.0 to get this to work. From the output you sent
below, it looks like you're trying to invoke an RPC method call agains
he's testing against zope.org
and the traceback is enclosed html comments, which probably does mean it is
debug mode.
as for the concerns... i leave that to others.
-k
On Tuesday 02 April 2002 12:18 pm, Chris McDonough wrote:
> You are running Zope in debug mode (with the -D switch in the
You are running Zope in debug mode (with the -D switch in the "start" file).
This is the default. Please try running Zope in non-debug mode (remove
the -D switch) and try this again.
- Original Message -
From: "Rossen Raykov" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTEC
16 matches
Mail list logo