[Zope] ZDiscussions for Zope 2.2.2
Sorry about being such a winer yesterday. I needed a confera bulletin board for work (internal) with attachments, so I hacked ZDiscussions to work with Zope2.2.2. I needed to: 1) Get FileObject.py from Confera 2) add __allow_access_to_unprotected_subobjects__ in a few places. 3) Fix a check for "Cancel" 4) fix the size of __ac_permissions__ I uploaded it to www.zope.org (never done that before, it is pretty nice!). I left the RCS files in place in case anyone wants to critique my um-er work. http://www.zope.org/Members/cobrien/ZDiscussions_zope22 You may be happier with ZUBB or Squishdot. -- cary ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] How about removing broken things like Confera and ZDiscussions?
Why are things like ZDiscussions and Confera even on the zope download pages? They don't work! It would be better if they were moved to a section called "Things that worked once but aren't being maintained so they don't work any more". Otherwise people starting out might see all these seemingly useful things and get frustrated when they dont work. Arrrggg. I just want a bulletin board that works! I know what you are going to say, so I'll start digging through the python code before you yell at me... -- cary ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] How about removing broken things like Confera and ZDiscussions?
There is a ZDiscussions that works. It is called ZUBB. http://www.zope.org/Members/BwanaZulia/ZUBB But, I agree, old product that have been left behind (the old version of ZDiscussions/Confera) should be marked and or archived. J Might be better to have a more formal declaration of the dependencies on versions of products relied upon at the download pages -- for some products this has become a tricky and madning process to make sure all the versions are correct for a product to run. This is natural in the progress of Zope and Zope products and will become even more and issue as Zope matures even further. This can be formalized. I do like the way SGI does some of this. Bangs head. Doh! Why the heck don't products have explicit requirements the "package require n.m" in TCL. Heck, python ought to. Import Fred(1.2) from Bedrock Or something like that. -- cary ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] How about removing broken things like Confera and ZDiscussions?
There is a ZDiscussions that works. It is called ZUBB. But it doesn't do attachments. I really need attachments. I'm trying to fix Attachments in ZDConfera, but the FileObject class doesn't seem to exist any more. Arrg. -- cary http://www.zope.org/Members/BwanaZulia/ZUBB But, I agree, old product that have been left behind (the old version of ZDiscussions/Confera) should be marked and or archived. J From: "Cary O'Brien" [EMAIL PROTECTED] Date: Wed, 18 Oct 2000 09:36:13 -0400 (EDT) To: [EMAIL PROTECTED] Subject: [Zope] How about removing broken things like Confera and ZDiscussions? Why are things like ZDiscussions and Confera even on the zope download pages? They don't work! It would be better if they were moved to a section called "Things that worked once but aren't being maintained so they don't work any more". Otherwise people starting out might see all these seemingly useful things and get frustrated when they dont work. Arrrggg. I just want a bulletin board that works! I know what you are going to say, so I'll start digging through the python code before you yell at me... -- cary ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Hardware minimum for development
Hallo, what's the minimum of hardware to develop Zope-sites(only for development). I'd like to know because I want to buy a laptop and don't want to spend much money ! Thanks. I use an old toshiba 325 cds (cd broken) (460 bogomips) w/ 48Mb of ram running Linux as both my desktop and portable machine for all sorts of development (Including Zope). Works fine as a desktop machine. Kind of a pain to plug/unplug the cables all the time. I can run a couple of zopes, pgsql, heck I even had Oracle on it for a while. You might need a bit more oomph for java development. The problem with the laptop is probably not the CPU/ram (well, get 64MB ram if you can) but the screen resolution and the pointer. Zope at 600x800 is tight. The little eraser-head pointer is a pain, and Zope development tends to need a lot of mouse action. I usually carry along a mouse. Even on the desktop (i.e with a monitor and keyboard plugged in) I am limited to 1024x768 8-bit color with a bad refresh rate. -- cary ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Starting Zope
Bill wrote... Of course, it is entirely possible the user meant something other than s/he wrote. ;) But that last one doesn't seem to indicate that. To put it succinctly: If you want Zope to bind to port 80 on *nix you have few options: o Change Zope to run SID ** Bad Idea o Modify the kernel so _anyone_ can bind to ports under 1024 ** even worse o START Zope as root, run it as a non-priviledged user, preferably one without a login. You could also run zope behind Apache. The Apache bits that handle root permissions seem pretty well accepted. This doesn't really run Zope listening to port 80, but if you go to port 80 on the machine running Apache, you get to zope. One advantage is that you can bounce Zope all day long without even touching root. Plus depending on your setup you can have Apache running on a separate machine. This can be better depending on the situation (i.e. development machines behind a firewall with private addresses. The downside is that you need to become aquainted with the wonderful worlds of mod-rewrite and site-access[1]. Plus you may take a performance hit. -- cary [1] Can someone explain (or point me to the reason) why the base tag is necessary? It sure can make life difficult! File permissions are irrelevenat when binding to ports under 1024 on Unix. -- Do not meddle in the affairs of sysadmins, for they are easy to annoy, and have the root password. --__--__-- ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Starting Zope
Interesting argument. However, consider this: if you completely trust your 'firewalled' box, then why not run the web server as root? One response, Protection of the system from simple mistakes by trusted users? Also root can do a lot more, such as putting interfaces into promiscious mode. So the idea is to just lift the bind-to-low-ports check. in your case is the fact that you mention your trust on users(humans are the most easy to compromise, however that argument is a bit OT). However, do you trust all of your webserver code? Do you trust your cgi-bin scripts and applications? And by trust I not only mean harmful intent by the authors of software, but unintentional bugs which can be exploited, and will be given the privilege to bind to 1024 ports even when they run as a user with least privileges. My revised thinking is that the patch should only lift the restriction for just the necessary ports. Another idea is to do it with groups, say let group n be a "net-privileged" group. -- cary Just my opinion. nitesh. On Sun, 30 Jul 2000, Cary O'Brien wrote: Cary O'Brien wrote: Well... If you are running on Linux you could simply edit the kernel code to elimitate the check on being root to bind to low ports. That's what we did. Which is an even worse idea. Why? On a sufficiently firewalled off box, where the few logins are completly trusted, what's the diff? If you were worried about people cracking a user account and getting underneath telnet, than limit the lifting of the restriction to port 80. If you are concerned that non-root users could launch attacks from low ports at other machines, assuming that only good guys can come from low ports is pretty naive. The whole business about not letting anyone but root bind to low ports makes sense for a public access machine where all the first year engineering students have an account, but for a dedicated application server it is kind of misdirected. You ought to be running next to nothing but the application, and you had better trust everyone that you give a login to, and you out to have the thing locked down/firewalled well. So the tiny bit of possible protection may not be worth the hassle/risks of writing your own suid-wrapper, or the complexity of having a redirect and messing with site-access so that the port numbers in the zope -- what it is that parameter -- base or whatever, comes out write. Just for fun - does NT have the same restriction? -- cary ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) --__--__-- ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Starting Zope
I've done it this way: http://www.zope.org/Members/otto/portfw It's also relatively easy to convince a hosting provider to add this, as long as you have a dedicated IP address. Perhaps I should have done a news item when I created this... seems a lot of people have hacked around the issue is all sorts of odd ways. :) -Otto. How can this work? Won't Zope put a "base href=http://server:8080" tag into the head of the document and mess things up? Won't you need site-access to work around this? -- cary Costagliola Giovanni wrote: Hello All, How can I to start Zope whit a different user than root and cath the default HTTP port? If I try for example: su - -c './start -w 80 -u zope' I receive an error becouse root hasn't granted the need privileges on /Zope/var/ directory. Thanx --__--__-- ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Starting Zope
Cary O'Brien wrote: Well... If you are running on Linux you could simply edit the kernel code to elimitate the check on being root to bind to low ports. That's what we did. Which is an even worse idea. Why? On a sufficiently firewalled off box, where the few logins are completly trusted, what's the diff? If you were worried about people cracking a user account and getting underneath telnet, than limit the lifting of the restriction to port 80. If you are concerned that non-root users could launch attacks from low ports at other machines, assuming that only good guys can come from low ports is pretty naive. The whole business about not letting anyone but root bind to low ports makes sense for a public access machine where all the first year engineering students have an account, but for a dedicated application server it is kind of misdirected. You ought to be running next to nothing but the application, and you had better trust everyone that you give a login to, and you out to have the thing locked down/firewalled well. So the tiny bit of possible protection may not be worth the hassle/risks of writing your own suid-wrapper, or the complexity of having a redirect and messing with site-access so that the port numbers in the zope -- what it is that parameter -- base or whatever, comes out write. Just for fun - does NT have the same restriction? -- cary ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Starting Zope
Costagliola Giovanni wrote: Il gio, 27 lug 2000, Oleg Broytmann ha scritto: On Thu, 27 Jul 2000, Costagliola Giovanni wrote: How can I to start Zope whit a different user than root and cath the default HTTP port? Use different way - start Zope as root, catch port 80 and drop uid. I receive an error becouse root hasn't granted the need privileges on /Zope/var/ directory. This is a different error, not a problem with port 80, ah? I see Oleg, more exactly I would start ZServer with an user like 'zope', for example, but at the same time I want it links the port 80! I could use the root user simply but I'll lose my sleep :^) Can you give me some input? If you want to bind to ports 1024 you _must_ be root. ZXope can run as another user (the -u user option), but it must be _started_ as root, if you want to bind to port 80. Period. Sorry, there is no other way, short of making Sope SUID, which is a very, very, very, very, very, very bad idea. Well... If you are running on Linux you could simply edit the kernel code to elimitate the check on being root to bind to low ports. That's what we did. -- cary ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope for secure transactions?
1. Can Zope support SSL or https? AFAIK without support of some other tool not. If you have money ($12,000 us), but not programmers/time you can buy a box to do this from Intel. Plus it is very fast. http://www.intel.com/netstructure/products/accel_7110.htm (Not an Intel employee, but they did serve me a very nice Breakfast while telling me about their products). Or you could put Zope behind Apache-stronghold. -- cary 2. Is there some way in Zope through which i can use secure transactions. I suspect that yes, although I have not done it. You should be able to use Apache-SSL as frontend to Zope (employing ProxyPass). There is also another method, which can work and even be simpler: stunnel (generic SSL encryption wrapper). I have not run it with zope but I saw it running perfectly as frontend to POP3/IMAP mail server. -- Marcin.Kasperski | A reusable framework that is developed by itself will @softax.com.pl | probably not be very reusable. (Martin) Marcin.Kasperski | @bigfoot.com | --__--__-- ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Zope and Tuxedo?
Has anyone used Zope to act as a Tuxedo client? Is anyone interested in doing this? Mostly it means creating a python extension that acts as a Tuxedo client, and then integrating that into Zope as a ZClass or Product or something. -- cary Tuxedo is pretty slick. You can download a trial version if you want. http://www.bea.com/products/tuxedo/index.html ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Python/Tkinter Zope
charset="US-ASCII" Would it make any sense ? Such an application could only run on the server. Not exactly the idea of a web-enabled application ?! To use it on a client at least Python and TKinter should be installed on the client. This would only be feasable in a corporate environment, but then, why still use Zope ? I think I do not know what you want with the combination of GUI and Zope. Hmm. There is jpython, which is a python interpreter written in java, which I guess can access AWT/Swing classes. So you could do the GUI that way. I don't think there is a tk in java. See www.jpython.org for more. There is or was? also a TCL/TK plug-in. It seems dead now. I don't know what the heck is going on with Scriptics. Ajuba? Huh? Or (on a roll now) you could use the X version of Python/TKinter and remote the display using VNC, or one of the Java X servers. -- cary Gijs -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]Namens Tim Cook Verzonden: woensdag 26 juli 2000 5:03 Aan: Zope List Onderwerp: [Zope] Python/Tkinter Zope Has anyone used this combination for GUI inside a Zope app? -- Tim Cook -- FreePM Project Coordinator - http://www.freepm.org OS Healthcare Alliance Supporter - http://www.oshca.org ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) --__--__-- ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Which PostGreSQL DA should I use?
On Fri, 07 Jul 2000, Eric L. Walstad wrote: OK, I am thinking about going from MySQL to PostgreSQL for its transactions and subqueries. I am curious which DA I should use and why. I see that I can choose from: 1. SQLRelay 2. ZPoPyDA 3. ZPyGreSQLDA Which are you using and why did you choose it over the others? i have been asking the same Q too. i am current;y using ZPygreSQLDa, and have been from the start. i think there's no more development done on this DA ( imight be wrong though). I wish there was. For ZPyGreSQL, I would really like to see: 1) Thread-safe operation. I.e., if desired, one database connection per thread. Or better yet a pool of connections, allowing m threads, but n (nm) concurrent PostgreSQL queries. 2) A bit of introspection, i.e. showing the tables and columns. We're getting people who simply can't handle a command line, so they can't really run psql in a separate terminal window. Gadfly DA does this. Any hints/takers. I've looked over ZPyGreSQL pretty carefully -- it isn't all that big. i wanted to try PoPy, but the last time i checked, i can't get the PoPy tar ball. this is actively maintained, i think SQLRelay, i have compiled and installed, but i can't figure out how to use it. i cant start the listener without an error.( can't bind something). and i'm not too sure how how the connect string looks like if i have a user with no password. but i think this may be the best solution, since we can specify the connection pool, and have a cache for results too. Interesting. Gotta look into this. -- cary ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Arrg! dtml-in can't handle lists of pairs!
"Cary O'Brien" [EMAIL PROTECTED] writes: It seems as if dtml-in handles lists of pairs specially. It does, and it is documented. Where? I even looked through the code in DT_In.py and couldn't figure out where it handled this special case. This seems to me like a pretty big gotcha. I did find out that a list of two items was not handled the same way as a tuple of two items. Unfortunately I couldn't figure out how to invoke list(). For pairs, the first component becomes "sequence-key" and the second "sequence-item". Not a good thing. Can I supress this behavior? Not that I know. Well, the only solution I came up with was to iterate with an index over the size of the thing. -- cary ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Database Adaptors and security and query()
Couple of things came up trying to use the current PostgreSQL da and zope 2.2b3. I am working on a ZClass that lets you define and create tables in a database, so I needed to execute some generated sql [1]. 1) I couldn't access the query() method of the connection unless I added our friend __allow_access_to_unprotected_subobjects__=1 to the DB class defined in ZPyGreSQLDA/db.py Is this ok? 2) Re calling query(). The query method only returns a tuple used to create a Results object (which dtml-in would like). So I added a method to return a real live Results object def query_result(self,query_string, max_rows=999): return Results(self.query(query_string, max_rows)) Which does what I want. Is this ok? Is this a good idea? 3) I went down several wrong paths until I realized that it seems as if dtml-methods can't return anything but strings. Is this right? 4) Grumble. I had a lot of trouble with the interaction between Results returning data as tuples, and dtml-in handling tuples of 2 differently than everything else. Create a table with 3 columns, everything works. Create a table with two columns, things dont work. Is there access to list() anywhere? -- cary [1] I know, I can hear you saying "Use ZSQLMethods" but 1) You can't subclass them, and b) You can't put one inside a ZClass without a dummy connection. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Arrg! dtml-in can't handle lists of pairs!
Ok. I get a list of rows from a database query. I want to iterate over the rows. If there are 3 or more columns in the table, everythin is fine. If there are 2 columns, it doesn't work. It seems as if dtml-in handles lists of pairs specially. Not a good thing. Can I supress this behavior? Here is an example of this: --- h4Iterate over 3.tuples/h4 dtml-let list="[('a','b','c'),('d','e','f')]" dtml-in list dtml-var sequence-itembr dtml-in sequence-item dtml-var sequence-item/br /dtml-in /dtml-in /dtml-let h4Iterate Over 2-tuples/h4 dtml-let list="[('a','b'),('c','d')]" dtml-in list dtml-var sequence-itembr dtml-try dtml-in sequence-item dtml-var sequence-item/br /dtml-in dtml-except h4Why can't I do this!/h4 /dtml-try /dtml-in /dtml-let h4Iterate Over 1-tuples/h4 dtml-let list="[('a',),('b',)]" dtml-in list dtml-var sequence-itembr dtml-in sequence-item dtml-var sequence-item/br /dtml-in /dtml-in /dtml-let --- -- cary ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Zope 2.2.0b3: can't call db_connection.query()
With Zope 2.2.0b3, I can't seem to call the query() method of a database connection any more. For example, with a PostgreSQL connection called dbconn, calling dtml-with dbconn dtml-var "query('select count(*) from pg_class')" /dtml-with Works fine with 2.1.6, but with 2.2.0b3, I get... Zope Error Zope has encountered an error while publishing this resource. Unauthorized ... File /usr2/local/zope/Zope-2.2.0b3-src/lib/python/DocumentTemplate/DT_With.py, line 146, in render (Object: dbconn) File /usr2/local/zope/Zope-2.2.0b3-src/lib/python/DocumentTemplate/DT_Util.py, line 327, in eval (Object: query('select count(*) from pg_class')) (Info: query) File /usr2/local/zope/Zope-2.2.0b3-src/lib/python/OFS/DTMLMethod.py, line 189, in validate (Object: test1) File /usr2/local/zope/Zope-2.2.0b3-src/lib/python/AccessControl/SecurityManager.py, line 139, in validate File /usr2/local/zope/Zope-2.2.0b3-src/lib/python/AccessControl/ZopeSecurityPolicy.py, line 158, in validate Unauthorized: query Any ideas? There doesn't seem to be any permission to set. What I would like to do is add some functions to the PostgreSQL DA so I can view table names and column names. -- cary ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Why can't I subclass a ZSQLMethod?
I tried that. You can't add a ZSQLMethod unless there is a connection for it to connect to. There isn't a connection in the products area. Actually If I put a dummy gadfly connection in the Product folder, I can indeed add a zsql method to my ZClass. However I can't get a view to it. I can configure it as a view, but it doesn't show up in the management tabs. I guess it may be possible to leave it invisible and use other methods to set the query, arguments, and database connection. More digging through the .py files! -- cary Why don't you create a ZClass and make the ZSQLMethod to be one of its methods? Then the ZClass can provide the user interface to the SQL query and the result set. Regards, Ivan Raikov "Cary O'Brien" [EMAIL PROTECTED] writes: I want to wrap a presentation layer around ZSQLQueries, so that they will have methods to generate an input form [1] for the query, and generate tabular results if so desired. I tried to create a ZClass to do this, but I can't subclass from a ZSQLMethod. Any other ideas on how to do this (besides a class where you have to tell it the ZSQLMethod to use)? -- cary [1] Using sql.arguments_str to find out the arguments. Finding THAT was a struggle! ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] dhtml-try broken in 2.2.0b3?
I was porting some stuff that had a dtml-try to the newest Zope (2.2.0b3) and I had problems with a dtml-try block. I tried a fresh install and had the same problem. To reproduce, create a DHTML method with dtml-try dtml-var "1/0" dtml-except h4It blew up/h4 /dtml-try Accessing the document errors out with... Zope Error Zope has encountered an error while publishing this resource. Error Type: TypeError Error Value: unexpected keyword argument: error_type [Snip] File /usr2/zope2/Zope-2.2.0b3-src/lib/python/DocumentTemplate/DT_Try.py, line 212, in render File /usr2/zope2/Zope-2.2.0b3-src/lib/python/DocumentTemplate/DT_Try.py, line 244, in render_try_except File /usr2/zope2/Zope-2.2.0b3-src/lib/python/DocumentTemplate/DT_Util.py, line 262, in namespace TypeError: (see above) So I'm back to 2.1.6. Arrg. Any ideas? -- cary ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ZODB or not ZODB?
charset="iso-8859-1" I am implementing a document Library using Zope. It has an exhaustive index with several thousand topics in an outline residing on a PostgreSQL database. This works well and I like it. My question is where is the best place to store the documents themselves? They will be static HTML documents ranging from 1-50Kb in size roughly. There will probably be at least 10,000-15,000 of these documents in the library once all is said and done. In my mind I have three options: 1. Store them on the filesystem. 2. Store them in a PgSQL table as blobs. 3. Store them as DTML Docs in the ZODB. The filesystem, imho. This lets you spread things out over multiple disks and even (perhaps) multiple systems. Worst case you've got 50k x 15k = 750M. Big for a ZODB (?), but no sweat for a file system. PgSQL blobs are not yet ready for prime time. For one thing, I think they are all created in the same directory. And I'm a big PgSQL fan, so this pains me to say, but it is true. They are working on it. See the TOAST project in the postgresql mailing lists. You want to spread the documents out over a couple of directories. I've set up systems where everything had an ID and we'd split things up via digits in the id. I.e. document 252a8b7c is file 25/2a/7b/25218b7c. You could even compress the files if you wanted to. And you could use the "LocalFileSystem" (is that it?) product to serve up the files through Zope. You could tweak it to decompress too. I would like to eventually have full text searching capabilities, so that makes #1 less attractive (I would likely need my own Python method to do it). #2 is somewhat of a pain to implement due to limitations in the PgSQL row size and text searching would be slow. With #3 I could in theory use a ZCatalog to implement the searching, so that is done for me. I'd put the full text search into PostgreSQL. When the doc comes in, strip out the keywords and index it. Is ZODB up to the task of storing this quantity of objects? What problems might I run into? Is it a wise idea, could a data.fs file of this size (~3-400MB) become too easily corrupted? Should I use a separate data.fs file just to store the documents (ie using mountedFileStorage)? Or is it better to use method #1 or #2? Information from anyone with experience in this regard is greatly appreciated. We implemented a system using #1. Actually, we had lots of little documents so we concatted and gziped them in batches of 200, keeping the filename, offset, and length. Turns out it was quick enought to unzip the file and pick out the document of interest. And batching them up kept the compression ratio up. System worked great, but was cancelled about a week before it was going to go online. ouch. I'll let others speak to 3. I've never had a problem with ZODB, but I've never put 750MB in it. -- cary -Casey Duncan [EMAIL PROTECTED] --__--__-- ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] newbie changingover to zope from html/cgi??
can i replace javascript with python/DTML. I have used drop down menus in the pages using javascript. Is these available in Zope or is there some way of using these. I'd keep the drop-down menus in javascript. You can do similar things in zope (i.e. the tree tag or the tab bar at the top of the management interface), but then every change is a fetch back to the web server. If you keep the javascript then it all happens at the client. If you want you can generate the javascript with dhtml. That way the contents of the menus can follow your site. You'd have to set the comtent type so that the browser thinks it is javascript. (hmm, how is javascript cached??) -- cary [snip] ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Images not showing
Dieter wrote... [EMAIL PROTECTED] writes: I've noticed that when i install images into the Zope database and call them sometimes they display as broken link images instead of the picture. after revisiting the image in the management screen but not making any changes just resaving it they work again. Anyone have any ideas what I might bedoing wrong or if this is a bug? I'm running Zope 2.16 on WinNT(unfortunately) 4.0 I see this too. Try to view the image alone. Netscape has a menu item "view image" in the context menu for images. Alternatively, you can directly open the image's URL. Opening the image alone gives you more information about the problem: you prabably will get a standard Zope error page with problem description and traceback. Maybe, you encountered some of the image problems that have been discussed in Zope or Zope-dev about 2 weeks ago. Do you have any more detail, or a reference, or a subject I could use to look it up? -- cary ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Costs of implementation
I am trying to motivate the use of Zope / Zcommerce, and to do this need some timing ideas - Does anyone have thoughts on how long (man hours per expertise) it took them to go from no Zope to (Zope + Steve Spickelmire and Co's EMarket) and to a successful transaction? Hopefully this will be of general interest for anyone doing a business case or planning, so if you have any thoughts on "we expected x by experienced y" it should make interesting reading. Zope has a sigmoidal[0] (is that the word?) learning curve. Out of the box it installs *very* nicely on unixen, and you can clickety-clickety around and create folders [1], upload files, and set up a static web site pretty easily. Then you want to connect up a database. My experience is limited to PostgreSQL, but the sigmoidal shape repeated itself. The database adapter dropped in without a hitch, and simple queries worked great. I implemented a reasonable database-backed problem tracking system for our company last summer in about 2 weeks of fiddling around and 2 solid weeks of implementation (my sql/web skills are ok, my python knowledge is um, a work in process). And it has been operating flawlessly for over a year. But then comes the steep part. Anytime you mix several languages inside themselves, things are hard. Productive as hell if you get it write, but hard. With Zope you've got to wrangle HTML, DTML, Python (at least for expressions) and SQL if you're connected to a database. A misplaced quote, comma, or bracket can throw you off for a long time. Ok, we've got the source, but debugging Zope stack dumps can be a pain. But after a while it gets better. I *think* I'm starting to at least see the shallow part of the learning curve at the top, where you can do things like implement a ZClass container that acts like a Dynamic HTML layer in an afternoon. Which I did, but only after 3 very bad false starts. The base Zope documentation needs some work. The HOWTOS and TIPS have saved the day many, many times. But back to the business case. My feeling is that even with the steep bits of the learning curve, Zope is a big win for implementing services. Zope wins because if you do a good job getting things working, you have an incredibly flex able system for dealing with the inevitable never ending stream of change requests. And thats where the payoff is. At list I *hope* so :) -- cary [0] S-shaped. like this ( _/-). shallow/steep/shallow. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Secure storage of credit card info
OK, any of you out there who have thought about ecommerce, cryptography, and zope, I've got a design question for you. Actually, this question is independent of zope, but I need to solve it in a zope context. You have a ZCommerce site. You accept credit cards, and securely communicate with a CC processor to verify the transacton. Now, you want to save the CC# and other info in case something needs to be done with it later, and probably store the CC# so this customer doesn't have to type it in again later. Regardless of whether you are storing this info in a relational database or in the ZODB, how do you secure that information? Ideally I'd like it to be encrypted on disk. Now, storing it in a database probably makes it pretty hard to grep out even if a hacker manages to snarf the database file, but I'd like to encrypt it. But if I encrypt it, I have to have a decryption key somewhere. Where do I store the decryption key so that the cracker who snarfs the database file can't get it (just in memory somewhere?), and yet have the system be able to boot itself, including having the key, without human intervention? It seems to me like this is a Hard Problem, but I'm not up on the current cyrptography practice. So if there is a well known general solution, I'd love to hear about it. Otherwise, does anyone know what current Best Practice is? Good question. I was just talking to someone about this a few days back. What they did was to a) create a public/private keypair. Don't leave the private key ANYWHERE except on the CC verification machine (described below) b) encrypt the data using the public key c) store the encrypted data d) ship the encrypted cc information through an internal firewall[1] with one hole to a CC verification back end. This back end is protected as much as possible, accessible by as few people as possible. It uses the private key to decrypt and verify. You are still vulnerable if someone can get in and snarf the CC information during b), but at least you don't have thousands of CC numbers hanging around on your frontend or database machines. The idea is that the CC verification machine is much less likely to be compromised. Best practice? I don't know. But it sounded like a good idea to me. Hope I got this right. (Hi Ramon!) -- cary [1] Which also needs to have limited access. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: [ZCommerce] Secure storage of credit card info
- You have a ZCommerce site. You accept credit cards, and securely - communicate with a CC processor to verify the transacton. Now, Besides Bill's suggestion, keep all your servers behind a good firewall. One option is to use Linux IP Masquerading, having your webserver *and* database server use 192.168.0.??? IP Addresses. Then, turn on port forwarding on your Masq server, so that all incoming requests on port 80 go to (something like) port 8080 on your webserver, which then responds to the request. You could just use an encrypted filesystem on the database server, although that may be too slow (and possibly overkill?). At that point --assuming your firewall is secured-- you'd more or less need physical access to your internal network to see those CC#s. The only real danger left is a misconfiguration (or bad code) in your webserver software. (read: don't use IIS :) I would work from the assumption that, worst case, your web server machines may get rooted, either from external attacks or from internal "human engineering". And that people can modify your software and install sniffers. [1] Especially if you have a lot of people modifying content on that machine. That's why you get the best protection with a separate machine, firewalled off, with limited access, plus Public key encryption. If you get rooted and you don't know about, you've lost the game. If you get rooted and you find out, you've only lost those CC numbers that were processed while you were compromised. My 2 cents. I'd be interested to hear alternate viewpoints. -- cary (who worries alot) [1] Which is why switches (rather than dumb hubs) are nice. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ZDiscussions in classes?
charset="iso-8859-1" Hi, I have a problem with getting ZDiscussion working the way I want it to. First a little background, so it becomes easier for me to explain what I want to do: On my site I have several users (called "artists") that I have built a ZClass for. This Artist-ZClass contains a propertysheet with the properties of the artist, it also subclasses ObjectManager, so the artists can add their own pictures in their own object. This works excellent, and I am about to take the next step - adding a discussion forum on each artist, so people can discuss the artist's work directly on his pages. I then tried to add a ZDiscussion Topic ("discuss") in the ZClass. (I also regenerated the methods before proceeding, to get the default interface.) When I tried to access the discussion at: http://my.host/artists/testartist/discuss Zope asks me for a login, and not even the superuser can access it. Either my thinking is screwed up (it often is ;), or it is impossible to accomplish this with ZDiscussions. Could anyone offer me some insight as to what I'm doing wrong here? Do you have anonymous access turned off? (I.E. do you need a password to view anything?) If you cancel the request, do you get a traceback pointing to something in the TreeTag file? If so, you may need to allow anonymous users to access content information for the discussions. I don't understand why this should be the case, and I couldn't debug it because I couldn't figure out what validate did. -- cary ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Problems uploading large attachments
I am using confera to help coordinate some development work I would like people to be able to upload large (100k) attachments into the system so the documents can be shared by people at different sites. I find that things work fine for small attachments, but for larger attachments, Zope is very slow in reading from the socket, and the browser often times out. Any ideas? Also, couldn't seem to run strace on the zope process. I started under strace but the system went bezerk opening sockets or something. Is there any way to start a single-process non-threaded zope server? (Oh, Zope 2.1.6, Linux glibc/2.0.something kernel,ix86). -- cary ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Confera and strict permissions
I'm trying to set up a small site with a Confera topic (using Zope 2.1.6). It is going to be accessed by some off-site co-workers through the internet, so I am concerned about security. Access is through Apache on the firewall with some mod_rewrite address filters, but I'm kind of a belt-and-braces guy when it comes to security, so I only want people who have user entries and passwords to access the discussion. No anonymous access at all. But, if I remove the default "Anonymous" access privileges granted in the root folder, even users with user entries who can access other documents get access denied when trying to view the Confera topic. This happens for both remote and local access. The error traceback seems to point to a problem with the tree tag rendering components. Any ideas? -- cary (Currently kind of frustrated with Zope. Everything seems hard.) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Interbase / Cacheing - A thought
Ian Sparks wrote: Had a thought that I wanted to share. Interbase has a feature known as "event alerts". In a trigger you can post "events" which are just fixed data strings e.g. "DataAdded" or "Insert_tblUsers". PostgreSQL has them too. It's not (afaik) supported by DB-API, but could be used in a DA that talks to some lower level API. They are supported by the TCL interface that comes with PostgreSQL (src/interfaces/libpgtcl in the PostgreSQL source tree) if you are looking for examples of how they work. (Search for listen and notify in pgtclCmds.c -- cary A client database connection can register to listen to these events. I don't know if any Zopeish Interbase access method supports this (ODBC doesn't to my knowledge) but it would be incredibly useful for synching cached database objects. Zope could hold a representation of the table data in cached objects for quick access. Each object could have one or more "event" methods which related to a database event. When the database adaptor received an event message from Interbase it could inform all objects with a matching event method (these methods would refresh their cached data with current values from the database). In this way database and Zope cache could be synced *without* having to poll the database at an interval. In all, a very efficient mechanism. Just an idea I wanted to put out there. Thanks for getting it out. I have been contemplating the same for PostgreSQL but have been too lazy to do it myself ;) -- Hannu --__--__-- ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ZDiscussions and Zope 2.2
Hi Cary, I'd be really happy if you could try out Squishdot 0.4.0 for what you're doing. It's kindof ZDiscussions on steroids and should work with 2.2, although I haven't had a chance to test it yet... It seems broken. Using Zope-2.2.0a1 and Squishdot-0-4-0, this is what happens. Install squishdot, restart - ok. Create a squishdot topic from the management interface - ok. Access the empty topic (i.e. directly, not through management interface) - ok. Click "Post Article", get article entry form - ok. Add dummy article, click Add, get "Your article has been posted" confirm. page - ok. Click OK from confirm page, get Authorization Failed - Retry. Give up, traceback below. The new security stuff in 2.2 seems to have broken a lot of stuff. Seems as if I may have to rollback some internal sites back to 2.1.6. -- cary - traceback - Traceback (innermost last): File /usr2/local/zope/Zope-2.2.0a1-src/lib/python/ZPublisher/Publish.py, line 224, in publish_module File /usr2/local/zope/Zope-2.2.0a1-src/lib/python/ZPublisher/Publish.py, line 189, in publish File /usr2/local/zope/Zope-2.2.0a1-src/lib/python/ZPublisher/Publish.py, line 175, in publish File /usr2/local/zope/Zope-2.2.0a1-src/lib/python/ZPublisher/mapply.py, line 160, in mapply (Object: index_html) File /usr2/local/zope/Zope-2.2.0a1-src/lib/python/ZPublisher/Publish.py, line 112, in call_object (Object: index_html) File /usr2/local/zope/Zope-2.2.0a1-src/lib/python/Products/Squishdot/Squishdot.py, line 1215, in index_html File /usr2/local/zope/Zope-2.2.0a1-src/lib/python/OFS/DTMLMethod.py, line 160, in __call__ (Object: posting_html) File /usr2/local/zope/Zope-2.2.0a1-src/lib/python/DocumentTemplate/DT_String.py, line 500, in __call__ (Object: posting_html) File /usr2/local/zope/Zope-2.2.0a1-src/lib/python/DocumentTemplate/DT_Util.py, line 327, in eval (Object: meta_type == 'Comment') (Info: meta_type) File /usr2/local/zope/Zope-2.2.0a1-src/lib/python/OFS/DTMLMethod.py, line 180, in validate (Object: posting_html) File /usr2/local/zope/Zope-2.2.0a1-src/lib/python/AccessControl/SecurityManager.py, line 139, in validate File /usr2/local/zope/Zope-2.2.0a1-src/lib/python/AccessControl/ZopeSecurityPolicy.py, line 160, in validate Unauthorized: meta_type ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] confera, zope 2.2, and attachments
(Vitaly ([EMAIL PROTECTED]) helped me with this. The problems was that it wasn't possible to add an attachment to a ZDConfera message) Note this is with Zope 2.1.6. Thanks for the information on fixing attachments in ZDConfera. Note that the latest version of ZDiscussios (0.2.0) does use FileObject() in ZDConfera.py, but it doesn't import FileObject, and the icon is wrong. The error is masked by the try block. So the fix I used was... 0) Get ZDiscussions 1) Get Confera 2) Cope FileObject.py to lib/python/Products/ZDConfera 3) Edit ZDConfera.py 1. at the beginning add "from FileObject import FileObject" 2. change "icon='misc_/Confera/attachment.gif' to "icon='misc_/ZDConfera/attachment.gif' 4) Restart Thanks again, -- cary ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] confera, zope 2.2, and attachments
With a confera discussion, I can't seem to add attachments. I can enter a file name into the file upload box, and there are no errors, but when I view the message there is no attachment. Am I doing something wrong? -- cary ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] ZDiscussions and Zope 2.2
I can't seem to add a ZDiscussions topic any more. I keep getting authorization failures. Managers are allowed to all zdiscussion topics on the security page, though. Is this related to the problem with ZSQL queries and the new permissions scheme with 2.2? -- cary ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )