Re: [Zope] Re: [Fwd: [USN-359-1] Python vulnerability]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andreas Jung wrote: > > > --On 6. Oktober 2006 12:32:51 -0400 Tres Seaver <[EMAIL PROTECTED]> > wrote: > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> Chris Withers wrote: >>> ouch... I'd imagine Zope is vulnerable to this? >>> > >> What source version(s) of python have these problems fixed? >> If you build >> Python using the default config, it uses UCS2 (which is a better choice >> for long-running appservers, anyway). > > Why should be UCS2 the better choice (except for the reduced memory usage)? That *is* the reason -- doubling the storage required for Unicode strings provides no benefit, unless most of the strings you use are in codepoint ranges which require escaping in UCS2 (which won't be true for sites using "Western" languages, anyway). Zope is RAM-hungry enough, without that overhead. Tres. - -- === Tres Seaver +1 202-558-7113 [EMAIL PROTECTED] Palladion Software "Excellence by Design"http://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFKDMv+gerLs4ltQ4RAjSeAKCi8wwEVg5ZLD93OC3/IuQVkx6auQCeOPKw 5NF4/ffEGbKEh50RKvY6fFY= =WGr4 -END PGP SIGNATURE- ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: [Fwd: [USN-359-1] Python vulnerability]
--On 6. Oktober 2006 12:32:51 -0400 Tres Seaver <[EMAIL PROTECTED]> wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chris Withers wrote: ouch... I'd imagine Zope is vulnerable to this? What source version(s) of python have these problems fixed? If you build Python using the default config, it uses UCS2 (which is a better choice for long-running appservers, anyway). Why should be UCS2 the better choice (except for the reduced memory usage)? -aj pgpp4ImdGQT5Z.pgp Description: PGP signature ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] LDAPUserFolder & Password Retrieving
--On 7. Oktober 2006 07:47:54 -0700 Javier Subervi <[EMAIL PROTECTED]> wrote: Hi; I'm working on installing LDAPUserFolder. The documentation states one can't retrieve passwords because they're encrypted. Bummer. Well, in that case, is there a product for sending an email with a link to establish a new password? I mean, what do we do if the user forgot their pw? TIA, Javier3 You write a form where the user can enter its login name. You generate a new temporary password, change the password for the user id using the standard userfolder API, you send out an email to the user. Done...a straight-forward and trivial task. -aj pgpZmmX8NHo3I.pgp Description: PGP signature ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] LDAPUserFolder & Password Retrieving
Hi;I'm working on installing LDAPUserFolder. The documentation states one can't retrieve passwords because they're encrypted. Bummer. Well, in that case, is there a product for sending an email with a link to establish a new password? I mean, what do we do if the user forgot their pw?TIA,Javier3 How low will we go? Check out Yahoo! Messengers low PC-to-Phone call rates.___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )