Re: [Zope] Zope, Apache/NT, Reliability issues
Can I jump in? What is the process involved for pcgi or Zope to pass authentication? I am not running Apache, but good old dependable Website Pro. When I attempt to run Zope via pcgi it works fine unless I want to manage or allow a client to log into a products administration screens. I am returned an error when trying to access, for example, Squishdot admin or Zope manage. On the other hand users can log into and use the portal product. Zope is not accepting the management login info. My understanding is not clear on what Apache does to accept log ins via pcgi. For that matter the same for IIS. I am not sure that IIS is really only accepting NTusers. The reading I have done so far suggests this may be the case. Zope Apache are HTTP1.1 compliant? Website is 1.0 or partially 1.1... can this be part of the problem? I run into some problems with requests and compliancy when using newer utilities against the server. The conversation below suggests that pcgi passes requests to Zope. I am confused about this because I am told this is a Website issue, but when explained in it's simplest terms (below) it appears to be a pcgi or Zope issue. The error I am receiving says that the webserver may not be able to forward cgi requests (? it's been awhile since I looked at it) This doesn't make sense if pcgi is passing the info on. I guess I am asking "Where exactly is authentication breaking down when using pcgior where is it most likely to break down? Website has only 15 percent of the NT market share (it's the price tag I'm sure) and it is hard to find someone to share these experiences with, so thanks for allowing this intrusion.. ___ PCGI passes on requests to Zope, where Zope can handle multiple requests at the same time. Basically, requests are handed over to ZServer ass if the request came in directly. PCGI takes some care of waiting for ZServer to become available if it is congested. So, there is one Zope instance running that can listen to normal HTTP requests, FTP requests and PCGI requests (any combination of that). The PCGI CGI's are fielded on requests coming though Apache and hand back the results to the client. And what about the method of "masquerading" the ZServer through Apache? I have read solutions using the Rewrite module and the Proxy module, but it actually means (roughly speaking) that if there are 10 requests made to Apache then it will make 10 requests to ZServer so, considering only the reliability issue of the server even if Apache can handle millions of requests per second, the ZServer would fall down much faster than that so I cannot see any advantage of using Apache in front of it. Of course I understand the other advantages of Apache as it´s many configuration options, robustness as a web server, etc, but can the ZServer stay up and running in pair with Apache? Maybe there´s any way to configure Apache to cache the pages -- as a Squid would -- so it can "filter" the requests and low the requests level that it will do to ZServer? People generally use Apache for combining Zope with other content. Zope is good at serving dynamic content, Apache at static, so if you serve Zope behind Apache, you can mix and match. Also, when you have existing CGI, PHP or other Apache dependant content that you want to make available from the same base URL, you will need to use Apache in front of Zope. You can, IIRC, use tge ProxyPass trick together with caching as well,but I have no experience with that. There is one big disadvantage to using ProxyPass at the moment, which is that you need to use the SiteAccess product to make it work correctly. The SiteAccess product has some known issues and causes regressions in parts of Zope, like the ZCatalog. These issues _shold_ be solved with the upcoming 2.2 release of Zope. And what about it´s object oriented database? I also have some doubts about it. I worked a lot with relational databases as MS SQL and MySQL but never tried to study an OO approach to DB. How fast it is? How much requests can it handle without hanging, collapsing or corrupting data? I mean, anyone tried to do some study of a database that changes everytime and have queries everytime, I mean, searches in a database where it´s data changes constantly (searching a static database is much different than searching on a mutable one). Row level locking, transaction, consistency, etc, all these concepts apply here? Can it be substituted by a traditional relational database and have it´s contentes interfaced to "looks like" object oriented? The ZODB, Zope's Object Database, is an integral part of Zope. As soon as you look at Zope through the management interface, you are looking at objects stored in the ZODB. Zope is inherently OO, and you generally use object instances to build your site. The ZODB is transactional, is optimized for high reads, low writes, and takes care of access conflicts not by locking, but invalidating all connections
Re: [Zope] Wrong mime type sent by Zope on every page
On Thu, 8 Jun 2000, Andrew Diller wrote: Server: Zope/Zope 2.1.6 (source release, python 1.5.2, linux2) ZServer/1.1b1 Why does Server: return linux2? This is an Compaq Alpha running Tru64!?! No. That's what you are told it is. In fact it's an i386 under GNU/Linux ;-)) bye, Jerome ALET - [EMAIL PROTECTED] - http://cortex.unice.fr/~jerome Faculte de Medecine de Nice - http://noe.unice.fr - Tel: 04 93 37 76 30 28 Avenue de Valombrose - 06107 NICE Cedex 2 - FRANCE ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope, Apache/NT, Reliability issues
On Fri, 9 Jun 2000, J. Michael Mc Kay wrote: The conversation below suggests that pcgi passes requests to Zope. I am confused about this because I am told this is a Website issue, but when explained in it's simplest terms (below) it appears to be a pcgi or Zope issue. The error I am receiving says that the webserver may not be able to forward cgi requests (? it's been awhile since I looked at it) This doesn't make sense if pcgi is passing the info on. I guess I am asking "Where exactly is authentication breaking down when using pcgior where is it most likely to break down? From this I'm guessing that website is not passing authentication headers in the environment when a cgi is called, which is a good default configuration. The Apache magic is a method for telling Apache you really want it to pass the auth info to the cgi. --RDM ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope, Apache/NT, Reliability issues
On Fri, Jun 09, 2000 at 02:50:26AM -0400, J. Michael Mc Kay wrote: Can I jump in? What is the process involved for pcgi or Zope to pass authentication? I am not running Apache, but good old dependable Website Pro. When I attempt to run Zope via pcgi it works fine unless I want to manage or allow a client to log into a products administration screens. I am returned an error when trying to access, for example, Squishdot admin or Zope manage. On the other hand users can log into and use the portal product. Zope is not accepting the management login info. My understanding is not clear on what Apache does to accept log ins via pcgi. For that matter the same for IIS. I am not sure that IIS is really only accepting NTusers. The reading I have done so far suggests this may be the case. Zope Apache are HTTP1.1 compliant? Website is 1.0 or partially 1.1... can this be part of the problem? I run into some problems with requests and compliancy when using newer utilities against the server. The conversation below suggests that pcgi passes requests to Zope. I am confused about this because I am told this is a Website issue, but when explained in it's simplest terms (below) it appears to be a pcgi or Zope issue. The error I am receiving says that the webserver may not be able to forward cgi requests (? it's been awhile since I looked at it) This doesn't make sense if pcgi is passing the info on. I guess I am asking "Where exactly is authentication breaking down when using pcgior where is it most likely to break down? Website has only 15 percent of the NT market share (it's the price tag I'm sure) and it is hard to find someone to share these experiences with, so thanks for allowing this intrusion.. CGI scripts traditionally get a predigested version of the headers the client hands in. On many web servers, this _doesn't_ include the authentication headers, which are crucial for handling password authenticated parts of your website. Most servers will try and handle this information themselves, and only hand the CGI script a new header, 'HTTP_REMOTE_USER', IIRC, that contains the name of the authenticated user. This is desireable for many CGI scripts when you don't want to have to code authentication libraries. However, it is a pain when you have a system like Zope, that _is_ very capable of handling this kind of authentication by itself. For different servers, different tricks need to be employed. On Apache, you can use a rewrite rule to make a copy of the Authorization header and pass the copy in as 'HTTP_CGI_AUTHORIZATION'. On IIS, if you specify no password protection for the PCGI stub, it gets handed the proper headers quite nicely. IIS does interfere with the Zope 401 status message, you'll need to switch that off. On Roxen, I believe there is a configuration setting called 'Raw user info' for this. And Netscape requires a NSAPI plugin to pass on the information. Now, it sounds like Website doesn't pass in the Authorization header either. Unfortunately, I don't know enough about Website Pro to be able to say wether or not you can make it pass the header anyway, and what tricks are needed to make it so. You will need to consult the Website Pro manuals for that. I hope that my explanation has given you enough pointers to help you out here. There is an alternative to passing in the Authorization header however, and that's having Zope use REMOTE_USER. Your webserver will then do the authentication, set the REMOTE_USER variable, and Zope will try and find a User object that matches that user name. See doc/WEBSERVER.txt for more info on this. -- Martijn Pieters | Software Engineermailto:[EMAIL PROTECTED] | Digital Creations http://www.digicool.com/ | Creators of Zope http://www.zope.org/ | The Open Source Web Application Server - ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] unsubscribcription
hello ! i would like to unsuscribe the zope mailing list as soon as possible, because the end of my training course comes near. thanks in advance ! raphael zamochnikoff Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Re: FSSession newbie problem
Well... the statements are not in the same file but in two different files. This are the statements, the dtml-call FSSession is in the standard_html_header. Method list_products: dtml-var standard_html_header dtml-unless "FSSession.has_key('carrello')" dtml-call "FSSession.set('carrello',{})" /dtml-unless form action="aggiungi_prodotto" name="carrello" method="get" target="Carrello" input type="hidden" name="ID" value="dtml-if "FSSession.has_key('ID')"dtml-call "FSSession['ID']+1"dtml-else1/dtml-if" input type="hidden" name="codice_famiglia" value="dtml-var cod_prod" input type="hidden" name="codice_prodotto" value="dtml-var cod_ident" input type="hidden" name="nome_prodotto" value="dtml-var nome_prod_it" input type="hidden" name="prezzo" value="dtml-var prez_lire" input type="hidden" name="quantita_prodotto" value="1" input type="image" name="acquista" value="acquista" src="/ecom/images/freccia2.jpg" border="0" /form dtml-var standard-html-footer Method aggiungi_prodotto: dtml-var standard_html_header dtml-var "REQUEST.form"br # CHECK It prints out fine the form dictionary!! dtml-in "REQUEST.form.items()" dtml-var sequence-item /dtml-in # CHECK It prints out fine the form variable!! dtml-call "FSSession['carrello'].update(REQUEST.form)" br dtml-var ID dtml-var codice_famiglia dtml-var codice_prodotto dtml-var nome_prodotto dtml-var prezzo dtml-var quantita_prodotto Them works fine!! br dtml-var "FSSession('carrello')"br It prints out "None" dtml-var standard_html_footer The FSSession is in the same folder of my two methods, may be this a problem? I tried out the code in a single page and it works fine if you limit to create the variable 'carrello' in the FSSession. I checked the session file and it contains : --cut here (dp1 S'carrello' p2 (ds. cut here-- The problem is when i try to update the variable 'carrello' with something. I tryed the code you gave to me and it works so i think that the problem is that i initialize the variable in a method and update it in another one. Probably the second method point to a different session file than the first. Well thank you for help, for now i will make all in one method and of you have some ideas to solve it it will be appreciated. Bye. Marcello Hung Jung Lu wrote: --- In [EMAIL PROTECTED], Marcello Lupo [EMAIL PROTECTED] wrote: and macically i obtain the same error. this is the code i used: dtml-call FSSession dtml-unless "FSSession.has_key('cart')" dtml-call "FSSession.set('cart',{})" /dtml-unless dtml-call "FSSession['carrello'].update(REQUEST.form)" I have tried your code with 'cart' everywhere, and it worked just fine. Can you print out the form variables? Are all the statements inside the same DTML file? It really works fine. Also, make sure that FSSession is in a parent folder of your DTML method. (Root folder is usually a good idea.) Is your machine cookie-enabled? dtml-var standard_html_header dtml-call FSSession dtml-unless "FSSession.has_key('cart')" dtml-call "FSSession.set('cart',{})" /dtml-unless dtml-call "FSSession['cart'].update(REQUEST.form)" dtml-var "FSSession['cart']" dtml-var standard_html_footer If you still have problems, you can try SQLSession or HappySession. For beginners I would recommend HappySession so you don't need to worry about the details of FSSession or SQLSession. Download HappySession from http://www.zope.org/Members/hungjunglu/Products/HappySession Add an HappySession instance in your Zope hierarchy. Then try: dtml-var standard_html_header dtml-unless "SESSION.has_key('cart')" dtml-call "SESSION.set('cart',{})" /dtml-unless dtml-call "SESSION['cart'].update(REQUEST.form)" dtml-var "SESSION['cart']" dtml-var standard_html_footer regards, Hung Jung Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] What is favicon.ico and why is it an error?
On Wed, 07 Jun 2000 13:58:42 -0400, "J. Atwood" [EMAIL PROTECTED] wrote: So, does the user get an error page or is the server just sending me an error cause it is requesting a file that does not exist. I will try testing with IT (it is not effecting my Mac IE 4.5/5.0) The user wont see error; just the default icon in the favorites menu. Add this to the many reasons that I hate MIE! do you have a robots.txt, or are webcrawlers evil too? ;-) J. Michael Mc Kay wrote Now that you have done this, you have to put it in every directory accessible to IE to prevent excessive logging of errors on your server. Is that true? I undestand only the root directory is necessary, unless you have specifically linked another icon file from your html. Toby Dickenson [EMAIL PROTECTED] ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] Q: Accessing ZSQL methods from Python
-Original Message- From: Dieter Maurer [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 08, 2000 10:21 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [Zope] Q: Accessing ZSQL methods from Python [EMAIL PROTECTED] writes: my question is what type or value is returned by a ZSQL method that is invoked from Python? ZSQL methods return "Shared.DC.ZRDB.Results.Results" instances. Such an instance essentially behaves like a sequence of objects each describing one result row. These objects have been set up such that a column value can be accessed as attribute with the column name. Thus, "results[i].column" gives the value of "column" of the i.th row. Yes, that works fine. But I need to know of NULL values. How to determine, how "Null" values are recognized, is less a Zope than a database adapter question. I would expect, that most (if not all) database adapters will map SQL Null to None. That was what I thought but at least ZODBC won't do this. What I have found out is, that repr(SQL NULL) == 'Missing.Value'. However, even some well established SQL databases do not treat Null standards-conform but represent it as the empty string. Then, the database adapter has no chance to map this to None but must use '', too. ZODBC won't do this either. Dieter Andreas ** This email message has been swept by MIMEsweeper for the presence of computer viruses. Francotyp-Postalia AG Co. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Urgent Help Required- Installation
Hi Daryl this did not work. it gave a conflict with the exisiting installed packages. On Fri, 9 Jun 2000, Daryl Tester wrote: python-devel is an RPMism (which means you won't find it on python.org). On my RedHat 6.1 box, it's python-devel-1.5.2-7.rpm . chkconfig, according to "rpm -qf `which chkconfig`", is owned by chkconfig-1.0.7-2. Regards, Daryl Tester Parag Mehta[EMAIL PROTECTED] System Administrator. Puretech Internet Pvt. Ltd.http://puretech.co.in/ 77 Atlanta. Nariman Point. Mumbai - 400021. India.Tel: +91-22-2833158 Support is now available thru our Web Based Support System. http://support.puretech.co.in ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope.org Hidden Stats
Tony McDonald wrote: If you're running Zope from behind Apache/PCGI then you *have* to run Zope single threaded. Am I correct? I think Martijn Pieters answers this question in the Zope, Apache/NT, Reliability Issues thread. ethan mindlace fremen Zopatista Community Liason ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] zodbc performance question
Hi all, Using zodbc, supose we have the following situation. One zodbc_database_connection and lots of zsql methods. Can we say that creating more zodbc_database_connection(with a system dsn for each one, but all pointing to the same database) and thus distribute the zsql methods avoiding to all use the same zodbc_connection, will increase performance. Dont tell me I have to test it, I will but some thougts here will help. Best regards, Júlio Dinis Silva Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] mssql system dsn hangs causing zope to be no more
I'm using 2.1.6. Regards, Julio From: "Harald Ragger" [EMAIL PROTECTED] To: "julio dinis" [EMAIL PROTECTED] CC: "Zope List" [EMAIL PROTECTED] Subject: Re: [Zope] mssql system dsn hangs causing zope to be no more Date: Thu, 8 Jun 2000 18:02:33 +0200 Julio: what version of zope do you run? harald - Original Message - From: "julio dinis" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, June 08, 2000 1:49 PM Subject: [Zope] mssql system dsn hangs causing zope to be no more Hi Zopistas! After some time of heavy use of the site the zserver goes zombie, and even restarting will put zope automatically zombie, never more. If I remove the system dsn I use with zodbc and restart zope, then zope runs like a ferrari. I than create again the odbc system dsn and everything is back again. But some time after the zombie arise from the grave :-( I'm looking at logs. Anyone with this problem? Júlio Dinis Silva Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] What is favicon.ico and why is it an error?
At 9:43 AM +0100 6/9/2000, Toby Dickenson wrote: The user wont see error; just the default icon in the favorites menu. You are correct. They don't see the error but it still produces a Zope error. Add this to the many reasons that I hate MIE! do you have a robots.txt, or are webcrawlers evil too? ;-) This, on the other hand, does not product a Zope error, just is logged as a 404. It is also useful in keeping search engines away from certain areas of your site. The favicon.ico trick really has no use, no functionality, no deeming qualities. M$ also did it in a bitmap as opposed to a jpg/gif which makes it much bigger than it should be. It also tells the server that a user has bookmarked your site, which to some users might seem like yet another breach of privacy. J ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Secure storage of credit card info
OK, any of you out there who have thought about ecommerce, cryptography, and zope, I've got a design question for you. Actually, this question is independent of zope, but I need to solve it in a zope context. You have a ZCommerce site. You accept credit cards, and securely communicate with a CC processor to verify the transacton. Now, you want to save the CC# and other info in case something needs to be done with it later, and probably store the CC# so this customer doesn't have to type it in again later. Regardless of whether you are storing this info in a relational database or in the ZODB, how do you secure that information? Ideally I'd like it to be encrypted on disk. Now, storing it in a database probably makes it pretty hard to grep out even if a hacker manages to snarf the database file, but I'd like to encrypt it. But if I encrypt it, I have to have a decryption key somewhere. Where do I store the decryption key so that the cracker who snarfs the database file can't get it (just in memory somewhere?), and yet have the system be able to boot itself, including having the key, without human intervention? It seems to me like this is a Hard Problem, but I'm not up on the current cyrptography practice. So if there is a well known general solution, I'd love to hear about it. Otherwise, does anyone know what current Best Practice is? Good question. I was just talking to someone about this a few days back. What they did was to a) create a public/private keypair. Don't leave the private key ANYWHERE except on the CC verification machine (described below) b) encrypt the data using the public key c) store the encrypted data d) ship the encrypted cc information through an internal firewall[1] with one hole to a CC verification back end. This back end is protected as much as possible, accessible by as few people as possible. It uses the private key to decrypt and verify. You are still vulnerable if someone can get in and snarf the CC information during b), but at least you don't have thousands of CC numbers hanging around on your frontend or database machines. The idea is that the CC verification machine is much less likely to be compromised. Best practice? I don't know. But it sounded like a good idea to me. Hope I got this right. (Hi Ramon!) -- cary [1] Which also needs to have limited access. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Announce: Squishdot 0.4.1 Released
Squishdot 0.4.1 is now available from http://www.zope.org/Members/chrisw/Squishdot/ The following major changes were made: - You can now use things like 'site_header' and 'site_footer' in 'showMessage' and 'showError'. - Security has been tightened and a new set of roles introduced. - The bug requiring a 'body' parameter to be supplied to 'search' has been fixed. There are some other small changes and improvements. If you run into problems, remember Squishdot has a mailing list at eGroups and a bug collector on SourceForge. cheers, Chris ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: [ZCommerce] Secure storage of credit card info
- You have a ZCommerce site. You accept credit cards, and securely - communicate with a CC processor to verify the transacton. Now, Besides Bill's suggestion, keep all your servers behind a good firewall. One option is to use Linux IP Masquerading, having your webserver *and* database server use 192.168.0.??? IP Addresses. Then, turn on port forwarding on your Masq server, so that all incoming requests on port 80 go to (something like) port 8080 on your webserver, which then responds to the request. You could just use an encrypted filesystem on the database server, although that may be too slow (and possibly overkill?). At that point --assuming your firewall is secured-- you'd more or less need physical access to your internal network to see those CC#s. The only real danger left is a misconfiguration (or bad code) in your webserver software. (read: don't use IIS :) I would work from the assumption that, worst case, your web server machines may get rooted, either from external attacks or from internal "human engineering". And that people can modify your software and install sniffers. [1] Especially if you have a lot of people modifying content on that machine. That's why you get the best protection with a separate machine, firewalled off, with limited access, plus Public key encryption. If you get rooted and you don't know about, you've lost the game. If you get rooted and you find out, you've only lost those CC numbers that were processed while you were compromised. My 2 cents. I'd be interested to hear alternate viewpoints. -- cary (who worries alot) [1] Which is why switches (rather than dumb hubs) are nice. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] How do you call the string?
Martin, I'm no Zope expert but if you have a property with an ID of "prop1" of type string with a value "first_value" set on a DTML Document then inside the document you can say : dtml-var prop1 and "first_value" will be substituted into your code at this point, replacing the "dtml-var prop1" declaration. I am not sure why you want to get the title? You only need to know the ID to get the value. Are you trying to find a way of looping through all the properties defined for a document? If yes, I don't know how to do this but ask again to [EMAIL PROTECTED] for how to do this. Sorry if this doesn't answer your question. - Ian. - Original Message - From: "Martin Seehuusen" [EMAIL PROTECTED] To: "Ian Sparks" [EMAIL PROTECTED] Sent: Thursday, June 08, 2000 10:50 AM Subject: Re: [Zope] How do you call the string? Thank you for you help! I think I need to explain a bit more! Sorry for not doing that in the first place! OK, I go into Properties for one of my files! then I choose an ID, say "prop1" Type could be, say "String" then a value, say "first_value". now what I would like is to call the string, and get up the ID and the Value. something like dtml-var type_command result: ID: Prop1 Value: First_Value Hope this explains a bit more! ;) Thank you for your help. Best regards Martin Seehuusen ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] xmlrpc problem
Hi I am having a small probelm with xmlrpc. I am simply trying to create a new object within Zope. For now the object will be a DTMLDocument. I have a DTML Method with the id of createDocument and it reads: dtml-call "manage_addDTMLDocument('new_document','New Doc',contents)" Done I also have a xmlrpc python module that reads: import xmlrpclib s=xmlrpclib.Server("http://www.myserver.com/Zope/test/") args={} args=['contents']="This is the contents of the new file" s.createDocument(args) The traceback I get reads: Traceback (innermost last): File "stdin" line 1, in ? File "xmlrpclib.py", line 550, in __call__ return self.__send(self.__name, args) File "xmlrpclib.py", line 643, in __request request File "xmlrpclib.py", line 595, in request headers xmlrpclib.ProtocolError: Protocol Error for www.myserver.com/Zope/test/: 401 Unauthorized If i change createDocument to read: dtml-call "manage_addDTMLDocument('new_document','New Doc')" Done and change the python module to read: import xmlrpclib s=xmlrpclib.Server("http://www.myserver.com/Zope/test/") s.createDocument() Then it successfully creates the document. So how do I successfully pass arguments in to the DTML method so that it can populate the new document with the correct data? Cheers -Andy Dawkins (New Information Paradigms Ltd) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] zodbc performance question
Hi Julio, we tested exactly this approach but run into some deadlock-situations. Since it did not improve performance we now use only one connection-object per database. Regards Tino Wildenhain julio dinis wrote: Hi all, Using zodbc, supose we have the following situation. One zodbc_database_connection and lots of zsql methods. Can we say that creating more zodbc_database_connection(with a system dsn for each one, but all pointing to the same database) and thus distribute the zsql methods avoiding to all use the same zodbc_connection, will increase performance. Dont tell me I have to test it, I will but some thougts here will help. Best regards, Júlio Dinis Silva Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Extended characterset
Hi Ivan, you may want to try out the modifier url_quote eg: dtml-var arbitrary_greek_text url_quote HTH Tino Wildenhain Ivan Mackintosh wrote: Hi, What I want to do is to allow users to be able to enter greek/mathematical symbols into a textbox. I have managed to do this but get the following problem - In the first dtml method the user clicks on a symbol button and that symbol is entered into the textbox. They then click on a submit button and the next dtml method is displayed. This method simply does a dtml-var REQUEST so that I can see the value of the previous textbox. The symbol has changed! On the first method I enter a lower case delta symbol and in the second I can see an 'a' with dots above it. If I change my code so that instead of inserting a symbol into the textbox it inserts the code delta; then when I get to the second dtml method the correct symbol is displayed. This is not very user friendly though. Is there somekind of encoding variable set in Zope? as if I do the same code in straight html then it works fine. Regards, Ivan ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: FSSession newbie problem
On Fri, 9 Jun 2000, Marcello Lupo wrote: dtml-var "FSSession('carrello')"br It prints out "None" I supose you mean ...FSSession['carrello'] .. The FSSession is in the same folder of my two methods, may be this a problem? No it should not one. Probably the second method point to a different session file than the first. I also have dtml-call FSSession in my standard html header and I never had problems. I will try a few tests when I return. Please keep me posted if you continue having troubles. Pavlos ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] redirecting from inside a frame
The onlyway I can think off, (which doesn't mean its the only way), is to launch a new window and send a HTML document whose content is JavaScript. It would either rewrite the original frame or the entire window depending on you original input and then close itself. - Original Message - From: Fusion Group To: [EMAIL PROTECTED] Sent: Thursday, June 08, 2000 6:03 PM Subject: [Zope] redirecting from inside a frame I'm attempting to submit a form from inside of a frame, and depending on the information submitted, redirect to a new page which I no longer want displayed inside of that frame. I want the new page to displayed in the full browser window, but not a new window. Any help would be greatly appreciated. Regards, Chad
Re: [Zope] zodbc performance question
I think Zope creates itself a pool of connections to the database, extending it when he need more performance. In our installation, we see initially seven connection to Oracle (trough ODBC) generated by only one zodbc database conection object Tino Wildenhain escribió: Hi Julio, we tested exactly this approach but run into some deadlock-situations. Since it did not improve performance we now use only one connection-object per database. Regards Tino Wildenhain julio dinis wrote: Hi all, Using zodbc, supose we have the following situation. One zodbc_database_connection and lots of zsql methods. Can we say that creating more zodbc_database_connection(with a system dsn for each one, but all pointing to the same database) and thus distribute the zsql methods avoiding to all use the same zodbc_connection, will increase performance. Dont tell me I have to test it, I will but some thougts here will help. Best regards, Júlio Dinis Silva Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Secure storage of credit card info
I use the int value of the datetime of the last transaction multiplied by a random number generated for each day as the key to encrypt the CC data in my RDBMS. Once the customer has identified themselves via a cookie or by entering a customer id I can retrieve the last transaction datetime and use the appropriate stored multiplier for that day to retrieve their CC info from my DB. The CC DB is a separate table in a separate location. - Original Message - From: "R. David Murray" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, June 08, 2000 7:57 PM Subject: [Zope] Secure storage of credit card info OK, any of you out there who have thought about ecommerce, cryptography, and zope, I've got a design question for you. Actually, this question is independent of zope, but I need to solve it in a zope context. You have a ZCommerce site. You accept credit cards, and securely communicate with a CC processor to verify the transacton. Now, you want to save the CC# and other info in case something needs to be done with it later, and probably store the CC# so this customer doesn't have to type it in again later. Regardless of whether you are storing this info in a relational database or in the ZODB, how do you secure that information? Ideally I'd like it to be encrypted on disk. Now, storing it in a database probably makes it pretty hard to grep out even if a hacker manages to snarf the database file, but I'd like to encrypt it. But if I encrypt it, I have to have a decryption key somewhere. Where do I store the decryption key so that the cracker who snarfs the database file can't get it (just in memory somewhere?), and yet have the system be able to boot itself, including having the key, without human intervention? It seems to me like this is a Hard Problem, but I'm not up on the current cyrptography practice. So if there is a well known general solution, I'd love to hear about it. Otherwise, does anyone know what current Best Practice is? --RDM ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] redirecting from inside a frame
The onlyway I can think off, (which doesn't mean its the only way), is to launch a new window and send a HTML document whose content is JavaScript. It would either rewrite the original frame or the entire window depending on you original input and then close itself. [rh] Hm, even for frames, there is a more zopish way to do this using Phil Harris' method (using target). Suppose you want to make a text and then display it in a frameset (this may not have been your original question, but it is just about the hardest to without javascript) This bugged me for a long time, so I thought i'd write it down: make your frameset look something like this: html head title/title /head frameset rows="100px,*" BORDER=0 FRAMEBORDER=0 FRAMESPACING=0 frame name="title" SRC="page1" SCROLLING=no frameset cols="150px,*" BORDER=0 FRAMEBORDER=0 FRAMESPACING=0 frame name="content" SRC="content" SCROLLING="NO" NORESIZE dtml-if input frame name="text" SRC="dtml-var input" dtml-else frame name="text" SRC="defaultpage" /dtml-if /frameset /frameset /html form method=post action="some_frameset?input=dtml-var id" target="_top" of course you could complicate this for plain page/frameset etc, but that's the easy part ;-) hth Rik - Original Message - From: Fusion Group To: [EMAIL PROTECTED] Sent: Thursday, June 08, 2000 6:03 PM Subject: [Zope] redirecting from inside a frame I'm attempting to submit a form from inside of a frame, and depending on the information submitted, redirect to a new page which I no longer want displayed inside of that frame. I want the new page to displayed in the full browser window, but not a new window. Any help would be greatly appreciated. Regards, Chad ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Zope logging with multilog (daemontools)
I provided a document that describes a setup for logging that uses the external logger program multilog. multilog prevents filling the disk, provides filtering by patterns and exact TAI64N timestamps. It is designed to never loose any log data. multilog is part of Daniel J. Bernsteins dameontools package. You may find the article at http://www.lightwerk.de/zope/logging Regards, Frank ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: [ZCommerce] Secure storage of credit card info
"RDM" == R David Murray [EMAIL PROTECTED] writes: RDM On Thu, 8 Jun 2000, Bill Anderson wrote: Personally, I would store the actual data on a seperate server, not accessible to the public. RDM Mmm. Yes, that makes it more secure. Still leaves the RDM question of encryption/decryption of the data and key RDM management, but it makes the cracking a lot less likely. And RDM Steve's EMarket product is designed for that scenario. RDM I'd like to also have a one-box solution, though. Based on RDM some comments by one of the eTailor folks I'm now trying to RDM see if I can structure the user/merchant interface so that RDM the server doesn't need to decrypt the stuff without human RDM intervention. When I was originally setting up EMarket I wanted to do a 'two-box' solution, but I only had one box handy at the moment. I set up a second Zope instance on the same box to handle transactions (behind apache-ssl) and it worked pretty well for testing. Of course if you have only one box for production, you could use the same setup. So there's no reason to make a solution 'one box' or 'two box', but it could be 'one box.. two Zopes!'. ;-) -steve RDM --RDM RDM ___ ZCommerce RDM Mailing List - [EMAIL PROTECTED] RDM http://lists.codeit.com/mailman/listinfo/zcommerce ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] How to init the body of a ZClass herited of DTML Method Class?
Hi all, I created a ZClass which herite of the DTML Method Class. Now, I want to init the body of all my objects of ZClass with the same script. How can I acess to this body ? Thanks Fred ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: FSSession newbie problem
On Fri, 9 Jun 2000, Marcello Lupo wrote: 1) Is necessary to call FSSession in every document of the site or is sufficient on the first page (home page of the e-com for example)? Becouse i noticed (obviously) that every time it open a file the HD. And i think this is a problem because every time it initialize a new session passing the new cookie to the Browser (i think). Yes it is neccessary beacuse HTTP is stateless. It will only start a new session if FSSession cannot find a valid UID either through a cookie or a FORM or as part of te URL 2) How may i change the value of an element in a dictionary contained in FSSession? Example: I have the object 'carrello' as in the examples before that contain a dictionary passed to it from the form. I store the quantity of the item ordered in the value 'quantita_prodotto' in the object 'carrello'. If a user add another piece of that item i need to update the 'quantita_prodotto' summing to it the new item. I think this is possible but i ignore the syntax to do this. As you descripe in your example carrello is a dictinory. So one way is to make quantitita_prodotto a list and append to it. Something like untested dtml-if "FSSession['carrillo'].has_key('quantita_prodotto')" dtml-call "FSSession['carrillo']['quatita_prodotto'].append(REQUEST.form['quatita_prodotto'])" dtml-else !-- need to fake the = sign which cannot be used in DTML expr-- dtml-call "FSSession['carrillo'].update({'quatita_prodotto':[]})" /dtml-if plus some more logic to check if the variables are empty/correct etc .. Pavlos ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] generic user folder 1.2.4
Stuart 'Zen' Bishop writes: Error type:KeyError Error Value:Parent_url You will need to post the traceback. Parent_url isn't used in GUF anywhere, so I'm guessing it is another product that is barfing. Oops, I got bitten by this with LoginManager. If it's the same bug, it's a bogus error message that should really be trying to tell you that you're trying to install a GUF but an acl_users folder already exists in that folder. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] zodbc performance question
Francisco José Esteban Risueño wrote: I think Zope creates itself a pool of connections to the database, extending it when he need more performance. In our installation, we see initially seven connection to Oracle (trough ODBC) generated by only one zodbc database conection object Yes, but it uses a housekeeping to prevent deadlocks. If you use more connections in the same dtml-document it may lead into the problems. Imagine: connection1:update table connection2:select from table So connection1-object will never know there is an attempt to read from the table after the update. It will however "commit" the write when the document is fully generated. connection2-object will block therefore. HTH Tino Wildenhain ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Random line of Products
Hello! I created and published three demo toy Products I named them "Random" Products, because each of them displays text, randomly selected from a list prepared by webmaster. These Products differ in how they store the text items. I learned a good deal of Zope internals while wrote it, and I hope that looking into it will help people to learn Product API. I also run a demo site for these Products. Source code: http://www.zope.org/Members/phd/Random/ Demo site : http://sun.med.ru/pcgi/Random/ DETAILS: The first Product, RandomLine was created from Boring Product - I just learned Product API. The product stores text (edited in a texarea), splits the text into a list of lines and when asked displays a random line. The second Product, RandomLine_v, is just a modified version of the first. The difference is volatile attributes. I found (in RandomLine) that I store both text and splitted list of strings in ZODB. I thought I need to learn volatile attributes and this version stores only text in ZODB. The splitted list stored in a volatile attribute and recomputed when neccessary. The third Product, RandomItem, implements the same idea, but with different implementation. The core class is ObjectManager-derived, and it stores a list of items. Every item in turn stores multiline text. Oleg. Oleg Broytmann http://www.zope.org/Members/phd/ [EMAIL PROTECTED] Programmers don't die, they just GOSUB without RETURN. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: FSSession newbie problem
From: Pavlos Christoforou [EMAIL PROTECTED] On Fri, 9 Jun 2000, Marcello Lupo wrote: 1) Is necessary to call FSSession in every document of the site Yes it is neccessary beacuse HTTP is stateless. It will only start a new session if FSSession cannot find a valid UID either through a cookie or a FORM or as part of te URL Pavlos: this is the part that is confusing to newbies. FSSession can be made in such a way that this initial call can be avoided. HappySession works that way: no need for explicit initialization. Matter of fact, in the very first call to the HappySession (any dictionary method), it does the initialization itself behind the scene. FSSession can do the same thing. It's a minor detail, but anything to make a newbie's life easier is worth it. :) regards, Hung Jung Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] Getting a specific user role
That did the trick. Someday I'm going to get the hang of this stuff. Thanks, Jason. -=Brad=- -Original Message- From: Jason Spisak To: Mabe, Brad Cc: '[EMAIL PROTECTED]' Sent: 6/8/00 7:48 PM Subject: Re: [Zope] Getting a specific user role Mabe, Brad writes: Forgive me if this has been covered before. There's no real great documentation on using the security API, and it's changing a bit anyway. I am implementing a login/security scheme through the use of GUF and SQL methods. My user and role information is kept in a SQL database and a user can have more than one role assigned to him/her. What I would like to do is check if a specific role has been assigned to the current user, and then display some additional menu items if that role has been assigned. I haven't been able to figure out how to get and check the roles that have been assigned to the current user. As usual, any help will be greatly appreciated. -=Brad=- try: dtml-if "AUTHENTICATED_USER.has_role('MyRole')" My stuff /dtml-if Jason Spisak CIO HireTechs.com 6151 West Century Boulevard Suite 900 Los Angeles, CA 90045 P. 310.665.3444 F. 310.665.3544 Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email address may not be added to any commercial mail list with out my permission. Violation of my privacy with advertising or SPAM will result in a suit for a MINIMUM of $500 damages/incident, $1500 for repeats. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: FSSession newbie problem
On Fri, 9 Jun 2000, Hung Jung Lu wrote: Pavlos: this is the part that is confusing to newbies. FSSession can be made in such a way that this initial call can be avoided. HappySession works that You are right. There is no real need for the initial call. It was initially designed like this because I inherited directly from UserDict and I was lazy to override every call to check whether FSSession was initialized or not. Also and more important I wanted to be compatible with SQLSession so the migrating users from one to the other will do so without needing to change much of the code. The initial call is useful if you need to pass parameters, like noCookie or _force_new_session etc etc. Pavlos ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Getting a specific user role
Mabe, Brad writes: That did the trick. Someday I'm going to get the hang of this stuff. I have the hang of some stuff but get hung by the rest ;) Thanks, Jason. -=Brad=- -Original Message- From: Jason Spisak To: Mabe, Brad Cc: '[EMAIL PROTECTED]' Sent: 6/8/00 7:48 PM Subject: Re: [Zope] Getting a specific user role Mabe, Brad writes: Forgive me if this has been covered before. There's no real great documentation on using the security API, and it's changing a bit anyway. I am implementing a login/security scheme through the use of GUF and SQL methods. My user and role information is kept in a SQL database and a user can have more than one role assigned to him/her. What I would like to do is check if a specific role has been assigned to the current user, and then display some additional menu items if that role has been assigned. I haven't been able to figure out how to get and check the roles that have been assigned to the current user. As usual, any help will be greatly appreciated. -=Brad=- try: dtml-if "AUTHENTICATED_USER.has_role('MyRole')" My stuff /dtml-if Jason Spisak CIO HireTechs.com 6151 West Century Boulevard Suite 900 Los Angeles, CA 90045 P. 310.665.3444 F. 310.665.3544 Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email address may not be added to any commercial mail list with out my permission. Violation of my privacy with advertising or SPAM will result in a suit for a MINIMUM of $500 damages/incident, $1500 for repeats. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) Jason Spisak CIO HireTechs.com 6151 West Century Boulevard Suite 900 Los Angeles, CA 90045 P. 310.665.3444 F. 310.665.3544 Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email address may not be added to any commercial mail list with out my permission. Violation of my privacy with advertising or SPAM will result in a suit for a MINIMUM of $500 damages/incident, $1500 for repeats. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ZSQL method broken on 2.1.6
Umesh Soni wrote: (using zope 2.1.6 with ZMySQLDA-2.0.0a1 and MySQLdb-0.2.1) Hi there, I had this ZSQL method (simplified for clarity) working on 2.1.4 select id, nickname from bboard where id=50 order by id desc limit 30 Remove either the limit 30 or the LIMIT 1000 Advanced property of the ZSQL method (advanced tab). To speed things up, the limit 1000 appended to the query to stop MySQL giving Zope lots of lines when it only wants 1000 anyway. Its not too clever though. There should maybe be a check to see if "limit x" exists in the query. Phill ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Re: [ZCommerce] Secure storage of credit card info
On Thu, Jun 08, 2000 at 08:57:17PM -0400, R. David Murray wrote: You have a ZCommerce site. You accept credit cards, and securely communicate with a CC processor to verify the transacton. Now, you want to save the CC# and other info in case something needs to be done with it later Hi, Take a look at ZSmime, http://www.post1.com/home/ngps/zope/zsmime Here's the blurb: ZSmime enables Zope to generate S/MIME-signed/encrypted messages. ZSmime is useful where Zope accepts confidential information over the web, e.g., credit card numbers, Swiss bank account instructions, etc. Such information can be protected by ZSmime and relayed off-site immediately. This reduces the value of the information carried on-site and in turn reduces the impact of a successful attack against the site. Even if the S/MIME-protected information remains on-site, it is now encrypted - this introduces additional cost in defeating the protection and may mitigate the effect of a successful site penetration. ZSmime adds a DTML tag "dtml-smime" to Zope. -- Ng Pheng Siong [EMAIL PROTECTED] * http://www.post1.com/home/ngps ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ZSQL method broken on 2.1.6
Umesh Soni wrote: (using zope 2.1.6 with ZMySQLDA-2.0.0a1 and MySQLdb-0.2.1) Hi there, I had this ZSQL method (simplified for clarity) working on 2.1.4 select id, nickname from bboard where id=50 order by id desc limit 30 Remove either the limit 30 or the LIMIT 1000 Advanced property of the ZSQL method (advanced tab). To speed things up, the limit 1000 appended to the query to stop MySQL giving Zope lots of lines when it only wants 1000 anyway. Its not too clever though. There should maybe be a check to see if "limit x" exists in the query. Phill Thanks Phill, that did the trick --strange thing though the 'Maximum number of rows retrieved attribute' was set to 100 not 1000 as the error reported --I changed it to 30. Anyway it's working now --cheers. Umesh Soni. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] RE: [ZCommerce] Secure storage of credit card info
Hi there, I know your post indicates you've thought about this, but you may want to reconsider storing CC info at all. It's a trade off on convenience for the customer and security precautions on your site. If you don't have the numbers, that's one less thing an intruder could do with your information when they do break in. If you do store CC info, you should probably offer the option to not store the CC#. I know I don't like my CC info in a merchant database, encrypted or not. Scott -Original Message- From: R. David Murray [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 08, 2000 5:57 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [ZCommerce] Secure storage of credit card info OK, any of you out there who have thought about ecommerce, cryptography, and zope, I've got a design question for you. Actually, this question is independent of zope, but I need to solve it in a zope context. You have a ZCommerce site. You accept credit cards, and securely communicate with a CC processor to verify the transacton. Now, you want to save the CC# and other info in case something needs to be done with it later, and probably store the CC# so this customer doesn't have to type it in again later. Regardless of whether you are storing this info in a relational database or in the ZODB, how do you secure that information? Ideally I'd like it to be encrypted on disk. Now, storing it in a database probably makes it pretty hard to grep out even if a hacker manages to snarf the database file, but I'd like to encrypt it. But if I encrypt it, I have to have a decryption key somewhere. Where do I store the decryption key so that the cracker who snarfs the database file can't get it (just in memory somewhere?), and yet have the system be able to boot itself, including having the key, without human intervention? It seems to me like this is a Hard Problem, but I'm not up on the current cyrptography practice. So if there is a well known general solution, I'd love to hear about it. Otherwise, does anyone know what current Best Practice is? --RDM ___ ZCommerce Mailing List - [EMAIL PROTECTED] http://lists.codeit.com/mailman/listinfo/zcommerce ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Zope-Edu?
What ever became of Zope-Edu? Have they disbanded? - T.J. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ZCatalog and Search Results
Jason, I believe the ZCatalog is indexing the new instances because I can see them in the catalog in the management interface. -Aaron At 03:42 pm 6/9/00 +, Jason Spisak wrote: Just out of curiousity, what is making you think it's indexing it? All my best, Jason Spisak ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ZDiscussions in classes?
charset="iso-8859-1" Hi, I have a problem with getting ZDiscussion working the way I want it to. First a little background, so it becomes easier for me to explain what I want to do: On my site I have several users (called "artists") that I have built a ZClass for. This Artist-ZClass contains a propertysheet with the properties of the artist, it also subclasses ObjectManager, so the artists can add their own pictures in their own object. This works excellent, and I am about to take the next step - adding a discussion forum on each artist, so people can discuss the artist's work directly on his pages. I then tried to add a ZDiscussion Topic ("discuss") in the ZClass. (I also regenerated the methods before proceeding, to get the default interface.) When I tried to access the discussion at: http://my.host/artists/testartist/discuss Zope asks me for a login, and not even the superuser can access it. Either my thinking is screwed up (it often is ;), or it is impossible to accomplish this with ZDiscussions. Could anyone offer me some insight as to what I'm doing wrong here? Do you have anonymous access turned off? (I.E. do you need a password to view anything?) If you cancel the request, do you get a traceback pointing to something in the TreeTag file? If so, you may need to allow anonymous users to access content information for the discussions. I don't understand why this should be the case, and I couldn't debug it because I couldn't figure out what validate did. -- cary ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope-Edu?
What ever became of Zope-Edu? Have they disbanded? No, on the contrary: revived. See http://www.zope.org/Wikis/zope-edu/FrontPage There is also a sourceforge site. Contributions more than welcome Rik ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Re: [ZCommerce] Secure storage of credit card info
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 In article [EMAIL PROTECTED], Ng Pheng Siong [EMAIL PROTECTED] writes Take a look at ZSmime, http://www.post1.com/home/ngps/zope/zsmime Hi, Any ETA on the Win32 binaries? - -- Regards, Graham Chiu gchiuatcompkarori.co.nz http://www.compkarori.co.nz/index.php Powered by Interbase and Zope -BEGIN PGP SIGNATURE- Version: PGPsdk version 1.7.1 iQA/AwUBOUCjubTRdIWzaLpMEQKpMACgnwmcR4sNmRpNk0g4Nm6RLq9O6lsAoIi3 PMOYM6R69bu0DbW8IBgScTwE =1D+1 -END PGP SIGNATURE- ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ZDiscussions in classes?
Do you have anonymous access turned off? (I.E. do you need a password to view anything?) I can view the main artist page just fine. If you cancel the request, do you get a traceback pointing to something in the TreeTag file? If so, you may need to allow anonymous users to access content information for the discussions. I get the following: Unauthorized You are not authorized to access this resource. Username and password are not correct. Traceback (innermost last): File D:\Programs\Zope\lib\python\ZPublisher\Publish.py, line 214, in publish_module File D:\Programs\Zope\lib\python\ZPublisher\Publish.py, line 179, in publish File D:\Programs\Zope\lib\python\ZPublisher\Publish.py, line 151, in publish File D:\Programs\Zope\lib\python\ZPublisher\BaseRequest.py, line 446, in traverse File D:\Programs\Zope\lib\python\ZPublisher\HTTPResponse.py, line 551, in unauthorized Unauthorized: (see above) I don't understand why this should be the case, and I couldn't debug it because I couldn't figure out what validate did. But you get the same error? And it's supposed to (ie: not horribly bad thinking on my part? :) be possible to do this? -- Alexander Limi [EMAIL PROTECTED] ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Dynamically Picking which object to display
Hi Jason, Jason Lee wrote: I'm fairly new to Zope, so this may be a dumb question, and my vocabulary could be wrong, so please bear with me. I'm in the middle of building an e-commerce solution for my company, and we're evaluating Zope (and PHP and Servlets, but that's immaterial) as the platform on which to base this solution. That doesn't necessarily mean anything other than to give you context. One of the problems I'm facing right now is how to display a particular object based on a value. For example, let's say a user tries to access www.foo.com/MyAccount/CCInfo. If the user has authenticated, I need to show him the obviously sensitive data he has requested. If he is not authenticated, however, I need to give him a login screen which, for argument's sake, is in the DTML document Login in the root folder. How would I go about doing that? Am I making sense? Thanks... We have done it for an (closed to the public) e-commerce solution which could not be done with http-authentication (we have 2 user-names and one password for authentication for historical reasons) Se we needed a solution and found it as a simple solution with the standard header of all documents wich include some kind of session-management down the protected path. If the user is authenticated, the session management keeps track of it and provides useful data to all pages where it is included. If the session is timed out or a not authenticated user tries to access some pages, the session-management (a dtml-method) sends a redirect to the login-page. I can give a more detailed description on request. But at least: yes, you can do it; yes, it makes sense HTH Tino Wildenhain ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] YA newbie question
Hi Randy, ... I figured this would be easy to do with Zope. I created a subdirectory called "modules" and put some modules into that; for example, "leftbuttons" is a dtml method containing a table data block which contains the standard left menu button HTML. I figured I could whip up a page and at the appropriate place in that page, do a 'dtml-var "modules.leftbuttons"' and have that code inserted into the page. That was my thinking. "leftbuttons" views properly by itself. However, when I try that dtml-var statment above, the page displays raw HTML. try the following: either: dtml-var "modules.leftbuttons()" or: dtml-with modules dtml-var leftbuttons /dtml-with the reason for this is: anything inside "" is a python expression, meaning it is interpreted as if you typed it into an running python-interpreter (with the zope-context around, of course). So python calls the ojects __repr__() method here to display it. For string-like objects __repr__==__str__ (with single quotes arount them) For some zope objects "self-displaying" means showing their data as source. If you use dtml-var without the quotes, zope does do some magic with the __call__() method of the object. Calling a dtml-method renders its output rather then the source. This is what is done in the first variant. NB: often you have to provide the documents context to the method, so the above call is somthing like dtml-var "modules.leftbuttons(_,_.None)" (or such like - have to look again over some documentation or the list for this) HTH Tino Wildenhain ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Unless not quite the opposite of if?
Curtis Maloney writes: On Fri, 09 Jun 2000, Dieter Maurer wrote: Curtis Maloney writes: ... dtml-unless does not work ... ... Seems that you make something wrong ... It doesn't. Really. I'm certain of this. The key was not there, and yet the unless was not rendered. This is why I'm posting. It's not working as it should. I guess I'm funny like that. I only post problems when they exist. Sorry! But some problem reports are difficult to believe. I tried the following DTML-method with Zope 2.1.6: dtml-var standard_html_header dtml-unless "0"should renderbr/dtml-unless dtml-unless "1"should not render/dtml-unless dtml-unless "REQUEST.has_key('XXX')"should renderbr/dtml-unless dtml-call "REQUEST.set('XXX',1)" dtml-unless "REQUEST.has_key('XXX')"should not render/dtml-unless dtml-var standard_html_footer It worked as expected. No hint that "dtml-unless" could be faulty. Dieter ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ZSQL method broken on 2.1.6
Umesh Soni wrote: Umesh Soni wrote: (using zope 2.1.6 with ZMySQLDA-2.0.0a1 and MySQLdb-0.2.1) Hi there, I had this ZSQL method (simplified for clarity) working on 2.1.4 select id, nickname from bboard where id=50 order by id desc limit 30 Remove either the limit 30 or the LIMIT 1000 Advanced property of the ZSQL method (advanced tab). To speed things up, the limit 1000 appended to the query to stop MySQL giving Zope lots of lines when it only wants 1000 anyway. Its not too clever though. There should maybe be a check to see if "limit x" exists in the query. Phill Thanks Phill, that did the trick --strange thing though the 'Maximum number of rows retrieved attribute' was set to 100 not 1000 as the error reported --I changed it to 30. I`m interested in your thoughts about ZSQLMethod's advanced property 'Maximum number of rows retrieved'. It`s default value is 1000. Some DA's like PyGreSQLDA takes no notice on this value while PoPyDA pays attention of this property. Assumed there is a table foo on my DB with actually 2000 records some DA's return only 1000 on table scans like 'select * from foo' and 10 records on 'select * from foo limit 10 offset 1100' (if offset is supported by the RDBMS). How can I know how many records will match at max to my select statement? ZSQLMethod's "advanced" property 'Maximum number of rows retrieved' makes no sense to me. As I know so far there is no way to disable this property or to set a value like 'maximum' -- _ Andreas Heckel[EMAIL PROTECTED] ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] dtmll-in variables
josh on wrote: great, thanks a lot! I think that this page should be updated with this info: http://www.zope.org/Documentation/Guides/DTML-HTML/DTML.7.2.html unless I am wrong. It should. However, because the method used to generate the "old" guides is not the method that will be used to generate the new guides. The new guides, which will be cvs backed and much more amenable to community update, will be coming along: please see the "documentation chat", http://www.zope.org/Documentation/Chats/doc_chat for more information. ethan mindlace fremen Zopatista Community Liason ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] WorldPilot - Attachments and quotes within the subject
On Fri, 9 Jun 2000, Paul Gresham wrote: Excellent, thanks Bryan. I have another question? Do you have problems with browsers not obtaining the correct filenames of attachments when they are downloaded, i.e. the file becomes ATT0002.DAT or similar? I have this problem and also if I choose to download a file and then cancel the dialog, everything seems to get stuck, and I have to close the browser and start again. Yeah, I have that same problem! I'll have to take a look at it here soon. I've attached another patch that you might find useful. It appears that WorldPilot barfs if the subject contains a quotation mark in it, but this patch fixes it. Also if you would like to try out the rpm and srpm I've been working on for WorldPilot you can check them out here: http://www.verinet.com/~arcane/worldpilot/worldpilot-1.0.4-6.noarch.rpm http://www.verinet.com/~arcane/worldpilot/worldpilot-1.0.4-6.src.rpm The only thing you'll have to change is the DOMAIN.py file. Both of the patches I've done so far have been included. :) Note: These are experimental RPMs, so you might want to not install them on a mission critical server right away. I personally haven't had any problems, but you never know... The only thing I'm worried about is what happens if you try to install the rpm over a previous installation from a tarball. (Should work though) You'll also have to restart Zope. Bryan --- WorldPilot.orig/WPUtil.py Mon Jan 31 14:52:54 2000 +++ WorldPilot.mine/WPUtil.py Fri Jun 9 16:04:41 2000 @@ -90,6 +90,7 @@ import re import time import string +import regsub try: import DateTime except: pass @@ -101,7 +102,7 @@ r'.*"') LiteralString = re.compile(r'\s*\{(?PSize\d+)\}(?PRest.*)') -QuotedString = re.compile(r'\s*"(?PString[^"]*)"(?PRest.*)') +QuotedString = re.compile(r'\s*"(?PString.*?[^\\](?="))"(?PRest.*)') ListOpen = re.compile(r'\s*\((?PRest.*)') ListClose = re.compile(r'\s*\)(?PRest.*)') Atom = re.compile(r'\s*(?PAtom\\?[\w\[\]\.]+)(?PRest.*)') @@ -173,10 +174,14 @@ conts=conts[1:] while line!="": m=QuotedString.match(line) -if m: -c.append(m.group('String')) -line=m.group('Rest') -continue +if m: +# BS: IMAP returns quotes backslashed, so we must +# remove the backslash here. +cur_string = m.group('String') +cur_string = regsub.gsub(r'\\"', '"', cur_string) +c.append(cur_string) +line=m.group('Rest') +continue m=ListOpen.match(line) if m: n=[]
[Zope] Multithreading in zope and python
I am using Zope-2.1.6. I have python 1.5.2 with multithreading on. But my zope still runs in single thread. I have changed the start script, to have PYTHONHOME="/usr:$reldir" and taken out the -D flag. Any suggestions on how to turn on multithreading will be appreciated. Thank you, -- sudhir ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Re: user contributions to Zope.org (Mangled text)
Not to be picky, Ken, but since you are from Digicool... could you take a look at your own message at: http://www.egroups.com/message/zope/33350?start=33322 (I checked both IE and Netscape, from PC.) Lately there have been quite a few mangled messages at egroups. Could you find out what went wrong and let people know how to prevent this kind of mangling? I have heard people saying repeatedly that please do not use HTML-format e-mail messages, did you use HTML format? Or is it related to a particular mail software that you use? regards, Hung Jung Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Problems with SybaseDA
A J Wilson wrote: I have experimented some more and I think I have isolated the problem by importing the module into python and playing with the code that uses it (eg db.py and DA.py). Firstly I found that I had to change some of the environment variables in the Makefile.pre.in to point to where Makdrake 7 stores python (ie /usr rather than /usr/local). Then I made sure that SYBASE and LD_LIBRARY_PATH were set in my shell before compiling the code. Next I imported sy_occ into python and started playing it (I made sure SYBASE and LD_LIBRARY_PATH were set correctly by inspecting os.environ). I found that in db.py there is a line of code "_context=sy_occ.cs_ctx_alloc()" which when called causes a segmentation fault and a core dump. When this line is commented out Zope can start successfully and thinks that the SybaseDA is correctly installed but obviously it doesn't actually work. I am using Jeff Rush's rpm version of Zope and have set SYBASE and LD_LIBRARY_PATH through .bashrc in user zope's home directory. Does this sound like the right way to do it? I put it in the zope startup script, myself. I also put it in the Zope.cgi fle just to be sure. Remember that unless otherwise told to, Zope runs as nobody. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] logout
James Cummings wrote: Ok, since I haven't found this by searching the site or the mailing list archive, is it possible to logout as superuser? I would like to be able to login as a different user, but I haven't been able to find out how to do this. This question comes up every now and then and the answer is Yes, and No. To logout, close your browser. You might think that sucks but there is nothing Zope can do about it, HTTP is a stateless protocol, you are never really 'logged in', but rather your browser caches your authentication information and provides it to Zope for *every* request to a protected resource. There are a couple of things you can do: dtml-raise Unauthorized /dtml-raise Will cause your browser to pop up a new login box, here you can either re-login as someone else or hit 'Cancel' and your browser *should* clear it's authentication cache. An alternative is that you can engineer a cookie based solution. -- -Michel Pelletier http://www.zope.org/Members/michel/MyWiki Visit WikiCentral for the latest Zen: http://www.zope.org/Members/WikiCentral ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )