Re: [Zope] Iterating over objects in ZODB
Am Mittwoch, 13. Mai 2015, 11:36:03 schrieb Rich Harley: is returned. How can I access the actual contents of the Python Script? The python script object seems a bit more complex then a DTML-Method object - means you have to access the script content of the python script object directly (not shure if it's params and body - have to look into Zope help (PythonScript.py) or Zope sources for the exact field). regarduing the object docs it shoudl work with .read() directly (if it IS a PythonScript object) or document_src: def read(): Return the body of the Python Script, with a special comment block prepended. This block contains meta-data in the form of comment lines as expected by the 'write' method. def document_src(REQUEST=None, RESPONSE=None): Return the text of the 'read' method, with content type 'text/plain' set on the RESPONSE. hth a bit and works, Niels. -- --- Niels Dettenbach Syndicat IT Internet http://www.syndicat.com PGP: https://syndicat.com/pub_key.asc --- signature.asc Description: This is a digitally signed message part. ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ZEO manageUndo not working - DisconnectedError
Am 6. Mai 2015 01:24:50 MESZ, schrieb Sebastian Tänzer s...@taenzer.me: 2015-05-06 01:16:46 WARNING ZEO.zrpc (19205) CW: error connecting to ('::1', ): ECONNREFUSED 2015-05-06 01:16:46 INFO ZEO.ClientStorage zeostorage Testing connection ManagedClientConnection ('127.0.0.1', ) 2015-05-06 01:16:46 INFO ZEO.zrpc.Connection('C') (127.0.0.1:) hmm, just a small shot in the dark: Even if this should work too - why the client tries to connect the IPv4 address of loopback and the error gives the IPv6 of it back? I would try to eleminate this if possible and bring Zope down to IPv4 completely, because there are still many software libraries and applications around (even some underlying os parts) which are not well tested with IPv6. If this solves your prob - no idea... hth a bit. cheerioh, Niels. -- Niels Dettenbach Syndicat IT Internet http://www.syndicat.com ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope Digest, Vol 125, Issue 2
Am 6. März 2015 13:12:49 MEZ, schrieb Nico Grubert nicogrub...@yahoo.de: for future projects I look for new python based products. It would be really cool to get a new Zope Core Framework which offers Zope2 functionality for backward compatibility (like a Zope4) i.e. as a set of modules plus offers more modern concepts of web development to allow a soft migration / developement path for existing Zope2 apps / users / devels. yes, this might leave as a wish - but this are just my two cents herein... cheerioh, Niels. -- Niels Dettenbach Syndicat IT Internet http://www.syndicat.com ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope2 - pro/contra
Am Mittwoch, 4. März 2015, 11:30:30 schrieb Sebastian Tänzer: A few days ago on a barcamp the discussion lead to Zope and the usual comments, i.e. Zope is dead, I would not use that, Too complicated, Too old, Outdated, and so on. This is stuff typically spreaden by guys who don't know what Zope really is nor was and has (from my view) two reasons: 1.) The Zope project byself made very bad decisions within their communication strategy in the past - i.e. announcing a Zope3 (for which many was waiting for) which did never come out and shoulnt be backward compatible to Zope2. 2.) Several PHP projects (like Typo3 and WP) are miscalled as CMS widely and (in the case of Typo3) from the maintainers byself. PHP is available on many low cost hosting packages available on the market (even if they are often to small for a Typo3 site with some more load then a few visitors by day on a few subpages. So in the view of many web agents and even developers anything apart from PHP is'nt existing or is something excotically and/or for enterprise level. We had often to deal with any kind of PHP problems in the past where customers decided to use any PHP crap for their business applications. Running PHP on a pro level is not easier then managing Zope installations. 3.) Zope documentation was partly very bad - at least when it comes to installation and system administration, updating etc.pp. ZMS had some similiar problems which held it back from a very wide presence - i.e. the long time not public available documentation and the hardly specialized focus onto medicine in the communication. just my two cents, Niels. -- --- Niels Dettenbach Syndicat IT Internet http://www.syndicat.com PGP: https://syndicat.com/pub_key.asc --- signature.asc Description: This is a digitally signed message part. ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope2 - pro/contra
Am Mittwoch, 4. März 2015, 13:42:13 schrieb Eric Bréhault: For instance, it is pretty sure that nobody will invest the time needed to move it Python 3, and at some point it will probably be a problem. This is just another such story which leads to non-interest of Users into Zope and let me compare to Perl5, where many peoples was looking forward to Perl6 which was targeted to publish somewhere 15 years ago and perl5 is still available and maintained today. Where a demand is - there is a solution and Zope2 / 4 is not the only larger project still demand on python 2 and btw: afaik at least a part of the components / modules used in (or provided by) the Zope project today are still ported / running under python3. just my two cents, Niels. -- --- Niels Dettenbach Syndicat IT Internet http://www.syndicat.com PGP: https://syndicat.com/pub_key.asc --- signature.asc Description: This is a digitally signed message part. ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Troubles with a Zope-2.7.7-final instance
On 3/17/14, 9:05 AM, Herbert Liechti wrote: Hello I have some troubles Just an additional thing: If the problem is ZODB related (means only occurs if your applications zodb is used and not in a fresh, empty instance) you may make shure that the ZODB is not corrupt by i.e.: - export the whole ZODB (from Zope/ZMI root - export) into a zexp, create a fresh Zope instance with mkzopeinstance, copy all Products and Extensensions into the new instance, copy the zexp export from var into import from the new instance, start it and reimport the ZODB (cklick import) by the zexp export. OR - try to work with fsrecover or similiar zope tools to check / repair your ZODB hth cheerioh, Niels. -- Niels Dettenbach Syndicat ITInternet http://www.syndicat.com ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] How to locate unused objects?
Hi Jaroslav, Am Donnerstag, 6. März 2014, 06:44:22 schrieb Jaroslav Lukesh: does somebody have script to locate (and delete) unaccessed files (not viewed from some date) in the ZoDB tree with webserver log? hmmm, this is a confusing question. What do you mean with files in the ZODB? File objects? The ZODB only consists of objects - not files even when they are shown like files over HTTP, DAV or FTP. I think you are targeting a confusing way of solution. If you really want to delete some objets from your ZODB if they are not accessed over a time i would suggest the following solution: - if your object type does not provide an last access timestamp property or similiar in a way you need it (access in such a context could do mean a lot of different things in zope) you may add such an property to that objects and write a method which is proxying access to that objects (i.e. deliver it out over web) and updates that property to current time(stamp)/datetime. - write a simple method / Python Script / External Method which recursively looks for objects (i.e. of the regarding type) with your timestamp property and compare with current date. If the property is to old let delete or do whatever with em. I'm nearly to shure that no one has a script working as you described here for such a job, because access to the logfiles plus log data conversion would be much more difficult and could not be used in such a more general way. hth good luck. cheerioh, Niels. -- --- Niels Dettenbach Syndicat IT Internet http://www.syndicat.com PGP: https://syndicat.com/pub_key.asc --- signature.asc Description: This is a digitally signed message part. ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ZODB data loss - help required
Tom Cameron t...@mooball.net schrieb: Ive just had a very disturbing and odd experience with data loss in the Hi Tom, do you have any Zope / event.log Logs from the timeframe? Just an idea: Did you make the Zope restart BEFORE your system update/-grade (i assume that you mean the Cent OS packet manager yum)? Did you make shure that all of your Zopes python libs (not managed by your yum system - if you have some) got rebuild after the system upgrade - at least the ones with system library / binary context? 5th September sounds a relative large timeframe today, but is possibly not if there was not a lot of changes / operations to ZODB or the volume was small. best regards, Niels. -- Niels Dettenbach Syndicat ITInternet http://www.syndicat.com ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ExtFile/ExtImage in Zope2 2.13 and Transaction Manager
Jesus Cea j...@jcea.es schrieb: I hit the problem that ExtFile tries to import from Shared.DC.ZRDB.TM import TM. Messing around a bit, I solved the issue installing Products.ZSQLMethods product (via https://mail.zope.org/pipermail/zope/2012-January/176324.html), but this is not working with 2.13.21. I am getting tons of upgrade warnings about zope packages. hmm, i did an install of 2.13.21 one week ago by the easy_install method (with python2.7) as documented on the Zope2 online manual. With 2.13.21 there was several products which are not longer part of the Zope core installation (bundle) and have to be installed seperately if required. I've installed ZSQLMethods too by the easy_install method which worked for me without probs, as long as you did not install extensions/products by hand which require further newer Zope core parts - then you will get such version conflicts afaik. This should work with the buildout method too, but not tried it yet. Do NOT install core products by hand (around the easy_install or buildout mech) as long as you did not checked the compatibility of that version with your Zope version. hth cheers, Niels. -- Niels Dettenbach Syndicat ITInternet http://www.syndicat.com ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Alternatives to ZWIKI?
Christopher Lozinski lozin...@freerecruiting.com schrieb: Wikis are an important thing. Clearly Zope 2 is going away. Something is needed on top of Zope 3. No and No, Zope 2 is still developed (mainly by/around the Plone project) but going over to Zope 4 which is widely backward compatible to 2. Both of them still use Zope 3 components. Zope 3 is just one framework following onto Zope 2 beside others like bluebream etc.. By architecture it should not be difficult to write a new wiki implementation in 2 or 4 - att i just know some wiki extensions to some Zope based CMS like Plone or ZMS. cheers, Niels. -- Niels Dettenbach Syndicat ITInternet http://www.syndicat.com ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] SQL and Python Products
Am Mittwoch, 16. Januar 2013, 16:34:01 schrieb Luiz Pasqual: We are trying to migrate a very old application on Zope 2.9, first we thought to migrate to Python Products and then upgrade Zope. We don't know what's the best way to deal with SQL querys in Python products. He is some options we are evaluating: - SQLAlchemy, leaving behind ZSQLMethods e Zope DA's - Psycopg - Python code access a Zope DA inside Zope So, what you guys think? I mainly use MySQL with Zope with the ZMySQL Database Adapter... Not shure if that something you're looking for. hth best regards, Niels. -- --- Niels Dettenbach Syndicat IT Internet http://www.syndicat.com PGP: https://syndicat.com/pub_key.asc --- signature.asc Description: This is a digitally signed message part. ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Data.fs too big to pack...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Dan Gaibel d...@cornell.edu schrieb: I have foolishly allowed my database to grow so large that I have no room to pack it. Is there any way that I could make it so that Data.fs.old gets populated on a separate drive or over the network? This should be possible by a link i.e. into a NFS network share i.e.: stop zope instance mkdir /myzopeinstance/share mount -t nfs 1.2.3.4:/myshare/ /myzopeinstance/share chmod 777 /myzopeinstance/share #(or give your zope instance user write access to that dir) mv /myzopeinstance/share/Data.fs.old /myzopeinstance/share/ ln -s /myzopeinstance/share/Data.fs /myzopeinstance/var/Data.fs.old start zope instance Alternatively you can put your whole /myzopeinstance/var onto a NFS share temporarily (could be to slowly for production) and move it back when shrinked. hth cheers, Niels. - -- Niels Dettenbach Syndicat ITInternet http://www.syndicat.com -BEGIN PGP SIGNATURE- Version: APG v1.0.8 iIEEAREIAEEFAlDBABQ6HE5pZWxzIERldHRlbmJhY2ggKFN5bmRpY2F0IElUJklu dGVybmV0KSA8bmRAc3luZGljYXQuY29tPgAKCRBU3ERlZRyiDXMdAJwNx4LOA3Md ffCgeiXwlw4yuBzgjACeISXaoRikTXKoxMBNhQy8RhfCnLw= =8OVL -END PGP SIGNATURE- ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] dynamic dtml-with from string content
Dear all, has somebody an idea here?: I try to define a property my_class_path (string) on a folder and want to use that within a dtml-with statement - i.e.: my_class_path is i.e. folder1.folder_sub dtml-with folder1.folder_sub seems to work, but i cant find any easy way to to use the content of the string my_class_path within the with statement. If i just have a single folder to get aquisition from, i just can use something like: dtml-with _[my_class_path] but if i have deeper pathes in my_class_path the this doesnt work. I just can do directly: dtml-with _['folder1']['folder_sub'] but i can't just put _['folder1']['folder_sub'] into my_class_path too - this didn't works too... It seems i have some tomatoes on my eyes. Can anyone push me back on the track here? Many thanks in advance... best regards, Niels. -- --- Niels Dettenbach Syndicat ITInternet http://www.syndicat.com/ signature.asc Description: This is a digitally signed message part. ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] dynamic dtml-with from string content
Am Freitag, 17. Februar 2012, 15:15:23 schrieben Sie: varx = 'this is the text dtml-var _['varx'] = dtml-var varx = 'this is the text varxx = 'varxy' dtml-var _[varxy] = dtml-var varx = 'this is the text my_class_path is i.e. folder1.folder_sub so: dtml-with _[_.string.split(my_class_path, '.')[0]] dtml-with _[_.string.split(my_class_path, '.')[1]] ..your code /dtml-with /dtml-with This is very nice too - thanx! ;) best regards, Niels. -- --- Niels Dettenbach Syndicat ITInternet http://www.syndicat.com/ signature.asc Description: This is a digitally signed message part. ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope instance not serving website - Site Error
Am Donnerstag, 2. Februar 2012, 10:15:44 schrieb Matthew Moore: For more detailed information about the error, please refer to the error log. It highly makes sense to do that (and i.e. post the details here) ;) cheeers, Niels. -- --- Niels Dettenbach Syndicat ITInternet http://www.syndicat.com/ signature.asc Description: This is a digitally signed message part. ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope instance not serving website - Site Error
Am Donnerstag, 2. Februar 2012, 11:19:36 schrieb Niels Dettenbach: It highly makes sense to do that (and i.e. post the details here) ...aaaeh, sorry for the nopise - found it in your pastebin. raise AttributeError(name) AttributeError: main_template It seems main_template could not be found by Zope / Aquisition (anymore?). Not shure why... cheers, Niels. -- --- Niels Dettenbach Syndicat ITInternet http://www.syndicat.com/ signature.asc Description: This is a digitally signed message part. ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope instance not serving website - Site Error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Matthew Moore m...@smtl.co.uk schrieb: worked fine. It's only since the server crashed it's not worked. Just to make shure: Do you have any backup from the var stuff of the Zope Instance (i.e. Data.fs* aso.)? Could you try to stop Zope, swap the backup in and try to start (shure, make a current backup of var before you swap in...)? May be Zope did something rolled within your ZODB and changed ZODB content in any way i/you can't see on a first view... I'm not a Plone geek but one possibl point could be somekind of update from/by zc.buildout you possibly runned in the past? Could you get any copy/backup of your full Zope instance (including external / local fs dirs if happen) and try so start that (you have to fiddle with proper pathes within etc, bin and your (former) local fs objects within zodb? good luck, Niels. - -- Niels Dettenbach Syndicat ITInternet http://www.syndicat.com -BEGIN PGP SIGNATURE- Version: APG v1.0.8 iIAEAREIAEEFAk8qk0E6HE5pZWxzIERldHRlbmJhY2ggKFN5bmRpY2F0IElUJklu dGVybmV0KSA8bmRAc3luZGljYXQuY29tPgAKCRBU3ERlZRyiDfOqAJ4uyB1Ox9cy WA5y7rmalnU2ZvCcSwCVElJDj52lQ1TdDK2Lr0BMGq/WEw== =YyJg -END PGP SIGNATURE- ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Help in deciding approach to Web App
Am Sonntag, 4. Dezember 2011, 16:15:13 schrieben Sie: As you mentioned, if I have to use mySQL, isn't it better for me to go with PHP+mySQL - easier to learn and deploy? ...just from my experience: PHP is - for different, but mainly technical/historical reasons - very widely spread within web applications, one major reason was/is i.e. the large (because easy) availability on low cost hosting environments in the past - but the most advantages was/are on the side of the hosting providers PHP might be easier to learn then other languages or frameworks, but maintaining large / complex applications / software projects within PHP could be a real mess. We develop nearly any web application with Zope / ZODB since = 10 years but are a hosting company byself - so we was not bound to PHP as many other internet hosting users in the past. A colleagues company produces very high level expert systems on Perl and Catalyst - requiring high skilled Perl programmers. From my experience developing within Zope / ZODB (with Python, DTML and/or ZPT) allows very high quality products within very short timeframes and even further maintaining the project is relative ressource efficient - especially compared to PHP. Most web application data structures (i.e. a simple web page) fit's much better by a oo object strategy then a relational (RDBMS) one. The major typical ressource hole within typical PHP+SQL web applications or i.e. a CMS solution is the translation of typical data objects into tables and vice versa. Producing i.e. one simple CMS page within a PHP-SQL CMS easily could trigger hundreds of SQL requests into many different tables - a significant overhead which has to implemented by developers and handled by the machines. But this is my view onto the issue - just my two cents... cheers, Niels. -- --- Niels Dettenbach Syndicat ITInternet http://www.syndicat.com/ signature.asc Description: This is a digitally signed message part. ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Help in deciding approach to Web App
Am Montag, 5. Dezember 2011, 11:37:46 schrieb Sareesh Sudhakaran: But I'm restricted by hosting options for Zope at the moment, and will revert to Python once the project is deployed - and when I figure out whether mySQL is good enough or not. I hate having to type all those extra characters in php though.sareesh If i talk about Zope / Python i mean Zope (with Zope Python Script Objects and/or external (Python) Methods). At a earlier stage Zope devels discussed for integrating ingres or another RDBMS natively into Zope - but this is not longer the case as there are many Zope adapters / integrations / products available for different major RDBMS like MySQL or Postgres. For the data structures where you have to handle large tables MySQL would be the first choice while oo data structures would preferrably go into your ZODB. I.e. we handle large amounts of user data records within MySQL while all of the web content objects or even complex shopping products are handled within ZODB - both within the same Shopping Cart application. This all depends highly from you data model. By theory you are able to handle both in just on of the DB solutions. With Zope you have many options to use external database solutions within your Zope based application. best regards, Niels. -- --- Niels Dettenbach Syndicat ITInternet http://www.syndicat.com/ signature.asc Description: This is a digitally signed message part. ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Manipulating images in Zope/Python
Am Montag, 24. Oktober 2011, 12:20:41 schrieb Brian Sullivan: My current plan is to use the Python Imaging Library to create the image (probably by overlaying some text on a stock image of a completion certificate to create a new image). The final image will then be emailed as an attachment to users. Is this a reasonable approach? Any others that anybody can suggest? Any samples of doing anything like this that anyone can point to? hmmm, this depends from how complex your graphic is and which graphical functions do you need. For this job your PIL should be coming with freetype. If you just want to place some rendered text on your bitmap graphic PIL should be enough (yourimg.text()). For more complex / difficult graphic works you may take looks at alternatives like python/gimp, PyX (pdf/ps, LaTeX), sax (pdf) or others... cheers, Niels. -- --- Niels Dettenbach Syndicat ITInternet http://www.syndicat.com/ signature.asc Description: This is a digitally signed message part. ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Hotfix for security vulnerability
Am Dienstag, 25. Oktober 2011, 12:52:33 schrieb Encolpe Degoute: Hello, Both of these url are not available: - http://download.zope.org/Zope2/index/2.12.21/versions.cfg - http://download.zope.org/Zope2/index/2.13.11/versions.cfg As i understand the hotfix posting right, the new full ZOPE versions (2.12.21 and 2.13.11) will come up later. For now there are only hotfixes available to close the hole. cheers, Niels. -- --- Niels Dettenbach Syndicat ITInternet http://www.syndicat.com/ signature.asc Description: This is a digitally signed message part. ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Hotfix for security vulnerability
Am Dienstag, 25. Oktober 2011, 12:28:39 schrieb Laurence Rowe: Can you confirm whether or not Zope 2.13.6 through 2.13.10 are affected? For me 2.13.10 seems to be affected (which makes sense as there would not be a 2.13.11 announced in the advisory). Is this possibly a typo? cheers, Niels. -- --- Niels Dettenbach Syndicat ITInternet http://www.syndicat.com/ signature.asc Description: This is a digitally signed message part. ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] serious security hole in manage users / Manage users permissions?
Dear Zope 2.12/.13 (4.0) devels, as far as i can see i may have found a serious security hole within Zope 2.12 / 2.13 (4.0 not tested yet) - I'm still investigate here further... problem: == Even on fresh Installs of Zope and fresh created instances on it anonymous / remote users able to access acl_users/manage_users by the web WITHOUT AUTHENTICATION. They can edit / delete / create users and serving roles as they want. Other management screens (as manage_main or manage_access aso. are protected as usual). In manage_access Manage user is only allowed for Manager (as by default). I don't believe that is any new behaviour of newer Zope versions... I've tested this with (last public) 2.13.10 and last 2.12.20 with python2.6. If any of the devels want to have a test url pls contact me directly. Fresh installed zope instances was configured with defaults configs, except setting user zope (and/or port-base). Tried it with now owner or the admin user as owner of the acl_users too. Can anyone prove this here too? If so, any solution / security fix? many thanks, best regards. Niels. -- --- Niels Dettenbach Syndicat ITInternet http://www.syndicat.com/ signature.asc Description: This is a digitally signed message part. ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )