Re: [Zope-dev] How (in)secure is Zope?

2003-03-13 Thread Lennart Regebro
My answer to this is:

1. Protecting yourself from your users:
Zope's fine-grained access control means that you can set up access 
restrictions that do exactly what you want and let users do what they 
need, and prevent them from doing what they should not.
Obviously you can also make everybody do everything, so how secure a 
software is in this sense is not a measure of how secure your 
installation is, but of how secure it CAN be.

In this sense Zope is VERY secure.

2. Protecting yourself from packet snooping:
Zope doesn't have any encryption built-in; SSL, for example, needs external 
software to implement.

In this sense Zope can be MADE secure with some work, but is not secure 
at all out of the box.

3. Protecting yourself against forceful entry:
To my knowledge, nobody has cracked open a reasonably correctly 
configured Zope server yet. Whether this is because nobody has tried or 
because nobody has succeeded, I wouldn't know. Security by obscurity does not 
help against the determined hacker, but it helps against script kids, 
and they are a more common problem.

Zope is probably secure in this sense.

4. Protecting yourself against data loss:
The ZODB is very resilient against crashes and data loss. Making a 
simple backup each day is plenty.

Zope is VERY secure in this sense.

5. Protecting yourself against denial of service:
Zope does not seem to crash if you send random data to it, and I have 
seen attempts in logs to overflow buffers and the like that obviously are 
attempts to crash or break into other (MS) servers, without this 
affecting Zope at all. If you don't trust Zope in this, you can put 
Apache in front of it.

In this sense Zope is again VERY secure.

So all in all, Zope is a pretty good choice from this standpoint. I 
wouldn't use it without external SSL stuff if I were a bank, but 
otherwise I'm perfectly confident in the stability and security of Zope.

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


Re: [Zope3-dev] Re: [Zope-dev] How (in)secure is Zope?

2003-03-13 Thread Steve Alexander

So I think we can reliably say that stock Zope is secure.  An insecure 
product, on the other hand, opens up many possibilities, but that ought 
to be the subject of a different discussion.
...and if we do have that discussion, can it please be on 
[EMAIL PROTECTED], and not cross-posted to both [EMAIL PROTECTED] and 
[EMAIL PROTECTED]

Unless the discussion is about Zope 3 products, in which case it should 
be on only [EMAIL PROTECTED]

--
Steve Alexander




Re: [Zope-dev] How (in)secure is Zope?

2003-03-13 Thread Jamie Heilman
Lennart Regebro wrote:
 5. Protecting yourself against denial of service:
 Zope does not seem to crash if you send random data to it, and I
 have seen attempts in logs to overflow buffers and the like that
 obviously are attempts to crash or break into other (MS) servers,
 without this affecting Zope at all. If you don't trust Zope in this,
 you can put Apache in front of it.
 
 In this sense Zope is again VERY secure.

No it isn't.


(somewhere far in the distance Rainier Wolfcastle is heard crying,
"My RAM!  The proxies, they do nothing!")



Re: [Zope-dev] How (in)secure is Zope?

2003-03-13 Thread Toby Dickenson
On Thursday 13 March 2003 5:21 am, Shane Hathaway wrote:

  The only vulnerability would involve
 trusted users who want to vandalize Zope.  So even though there have
 been many hotfixes, they are irrelevant--Zope is still secure. (Unless
 you can't trust your trusted users, which is a different problem.)

Of course you can't *completely* trust your trusted users. That's why we have 
separate user accounts, and separate roles.

IMO:
Zope is sufficiently vulnerable to abuse from trusted users to justify 
concern. The normal Zope development model is to consider normal Python code 
as trusted - normal Python code can do anything without security checks. Zope 
has many normal Python methods that can be called by through-the-web code 
(after permission checking). In Unix terms this is equivalent to having many 
setuid root programs. IMO concern can be justified without needing to find a 
specific exploit. From this point of view, Jamie's advocacy of using Unix 
mechanisms to restrict this 'trusted' Python code is valuable.


On Thursday 13 March 2003 1:58 am, Jamie Heilman wrote:

 I will go on record as saying that, recently, response times to
 security related issues in the Zope2 tree have been disappointing.
 Construe from that what you will.

It is hard to find time for security work among the feature rush of the CVS 
trunk, and without compromising the stability of the maintenance branch.

Would there be any interest from other developers in addressing these 
potential security issues in a *fork* starting with the 2.6 maintenance 
branch?

(reply-to set to zope-dev)

-- 
Toby Dickenson
http://www.geminidataloggers.com/people/tdickenson



Re: [Zope-dev] How (in)secure is Zope?

2003-03-13 Thread Max M
Jamie Heilman wrote:

In this sense Zope is again VERY secure.
   

No it isn't.
 

A statement like that without an argument is worthless in a discussion. 
You need to elaborate as we cannot read your mind and see what lies 
behind the statement.

regards Max M



Re: [Zope-dev] How (in)secure is Zope?

2003-03-13 Thread Toby Dickenson
On Thursday 13 March 2003 9:25 am, Lennart Regebro wrote:

 5. Protecting yourself against denial of service:
 Zope does not seem to crash if you send random data to it, and I have
 seen attempts in logs to overflow buffers and the like that obviously are
 attempts to crash or break into other (MS) servers, without this
 affecting Zope at all.

There is evidence that this is not true.

 If you don't trust Zope in this, you can put
 Apache in front of it.

 In this sense Zope is again VERY secure.

Zope is insecure.

Zope + Squid (or Apache or Pound) + OS resource limits + careful choice of products 
is secure.

(Note that I don't consider this a flaw in Zope.)
-- 
Toby Dickenson
http://www.geminidataloggers.com/people/tdickenson



Re: [Zope-dev] How (in)secure is Zope?

2003-03-13 Thread Jamie Heilman
Max M wrote:
 A statement like that without an argument is worthless in a discussion. 
 You need to elaborate as we cannot read your mind and see what lies 
 behind the statement.

My statement wasn't really aimed at you, sorry, I'm not playing fair.
My statement was aimed at people who don't have to read my mind
because they've been informed, and I'm making it in a public forum to
be a pain in the ass.

I've already mentioned I have outstanding security related bugs in the
collector, and as Toby noted I've been vocal on the value of process
separation and resource limits.  This isn't a coincidence.

Without properly configured resource limits, it is trivial to use an
exposed Zope instance to exhaust host resources.  This isn't entirely
Zope's problem, this is usually an issue of misconfiguration.  For
example, until Zope 2.6, ZServer imposed no length limits on HTTP
request headers.  (These headers are read directly into memory, thus
it was fairly easy to exhaust the memory of a host without resource
limits.) When I found that out I reported it as a bug, and it was
promptly addressed. (kudos)  Now it could easily be argued, and I
wouldn't be inclined to really disagree, that header length limits
should be configured by the fronting server.  What I didn't appreciate
at the time is just how important a front-end proxy server is for
Zope.  If you expose Zope to a hostile network, it is mandatory.  So
now I don't consider this kind of thing a bug in Zope, unless Zope
happens to make it possible to drastically amplify the effects of such
an attack, (at which point crashing zope by running it into a resource
limit becomes trivial) and a front-end proxy is unable or unlikely to
thwart the attack.

Zope's bug collector hides security related bugs until they are deemed
worthy of display by the controllers.  Personally I think full
disclosure is preferable to secrecy, but I'm willing to play by the
rules laid down as long as I think the system is working for the
general benefit of the community.  You may have noticed I haven't been
terribly secretive about recent cross site scripting or cache
poisoning issues, and that can be attributed to, in part, my growing
dissatisfaction with the system.

-- 
Jamie Heilman   http://audible.transient.net/~jamie/
Paranoia is a disease unto itself, and may I add, the person standing
 next to you may not be who they appear to be, so take precaution.
-Sathington Willoughby

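
Jamie's point above about headers being read straight into memory with no length limit is, from the defender's side, a bounded-parser problem. The block below is an added example written for this page; it is not ZServer's code, not any patch from the thread, and not the fix that went into Zope 2.6. It shows the shape of the check a server or fronting proxy applies: every read from the socket is capped, the running size of the header block is capped, the number of fields is capped, and an oversized request is refused with an exception the caller maps to a 4xx response instead of being buffered. The cap values, the `HeaderTooLarge` name and the sample requests are constructed for the example.

```python
import io

# Caps chosen for this example; production values are a deployment decision.
MAX_LINE_BYTES = 8 * 1024           # longest single request/header line accepted
MAX_HEADER_BLOCK_BYTES = 64 * 1024  # request line plus all header lines
MAX_HEADER_COUNT = 100              # number of header fields accepted


class HeaderTooLarge(Exception):
    """Raised instead of growing memory when a client sends oversized headers."""


def read_header_block(stream, max_line=MAX_LINE_BYTES,
                      max_total=MAX_HEADER_BLOCK_BYTES,
                      max_count=MAX_HEADER_COUNT):
    """Read the request line and headers from a binary stream.

    readline(max_line + 1) never returns more than max_line + 1 bytes, so a
    line that never ends cannot be buffered past the cap, and the running
    total bounds the whole block.  Returns (request_line, headers_dict).
    """
    total = 0
    request_line = None
    headers = {}
    while True:
        line = stream.readline(max_line + 1)
        if not line:
            raise ValueError("connection closed before end of headers")
        if len(line) > max_line:
            raise HeaderTooLarge("header line exceeds %d bytes" % max_line)
        total += len(line)
        if total > max_total:
            raise HeaderTooLarge("header block exceeds %d bytes" % max_total)
        line = line.rstrip(b"\r\n")
        if request_line is None:
            request_line = line.decode("latin-1")
            continue
        if line == b"":
            return request_line, headers      # blank line terminates the headers
        if len(headers) >= max_count:
            raise HeaderTooLarge("more than %d header fields" % max_count)
        name, sep, value = line.partition(b":")
        if not sep:
            raise ValueError("malformed header line")
        key = name.strip().decode("latin-1").lower()
        headers[key] = value.strip().decode("latin-1")


def parse_request(raw):
    """Convenience wrapper: parse header bytes held in memory."""
    return read_header_block(io.BytesIO(raw))


def classify(raw):
    """Run the reader over request bytes; return 'ok', 'too-large' or 'malformed'."""
    try:
        parse_request(raw)
        return "ok"
    except HeaderTooLarge:
        return "too-large"
    except ValueError:
        return "malformed"


# Constructed sample requests (not captured traffic).
NORMAL_REQUEST = (b"GET /index_html HTTP/1.0\r\n"
                  b"Host: example.test\r\n"
                  b"User-Agent: constructed-client/0.1\r\n"
                  b"\r\n")
# One header value of 100 KiB, far past the per-line cap.
OVERSIZED_LINE_REQUEST = (b"GET / HTTP/1.0\r\n"
                          b"X-Padding: " + b"A" * (100 * 1024) + b"\r\n\r\n")
# 200 headers of about 1 KiB each: the running total trips the block cap
# long before the field-count cap is reached.
MANY_HEADERS_REQUEST = (b"GET / HTTP/1.0\r\n"
                        + b"".join(b"X-%d: %s\r\n" % (i, b"v" * 1000)
                                   for i in range(200))
                        + b"\r\n")

if __name__ == "__main__":
    for label, raw in (("normal", NORMAL_REQUEST),
                       ("oversized line", OVERSIZED_LINE_REQUEST),
                       ("many headers", MANY_HEADERS_REQUEST)):
        print("%-15s %s" % (label, classify(raw)))
```

The property worth noticing is that the cost of rejecting a bad request is bounded by the caps, not by what the client sends; whether the caps live in Zope or in the fronting server is the policy question Jamie raises, but one of the two must enforce them.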


Re: [Zope-dev] How (in)secure is Zope?

2003-03-13 Thread Anthony Baxter

 Jamie Heilman wrote
 Without properly configured resource limits, it is trivial to use an
 exposed Zope instance to exhaust host resources. 

If this is a real risk for you, you should be using per-process limits 
to make sure that the host can't be completely destroyed. Sure, Zope 
will fall over when it hits the limit, but that's better than taking 
out the whole host.

Yes, the existing bugs should (and probably will) be addressed as
they're found, but as a belt-and-braces kinda thing, limits are also
useful.


 
 Zope's bug collector hides security related bugs until they are deemed
 worthy of display by the controllers.  Personally I think full
 disclosure is preferable to secrecy, but I'm willing to play by the
 rules laid down as long as I think the system is working for the
 general benefit of the community.  You may have noticed I haven't been
 terribly secretive about recent cross site scripting or cache
 poisoning issues, and that can be attributed to, in part, my growing
 dissatisfaction with the system.

That's really a separate issue that is a zope corp thing to address...

Anthony

-- 
Anthony Baxter [EMAIL PROTECTED]   
It's never too late to have a happy childhood.


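
Anthony's per-process limits can be exercised directly from Python on a POSIX host through the `resource` module, which wraps setrlimit(2). The block below is an added example, not something from the thread or from Zope: it forks a child, caps the child's address space with RLIMIT_AS, and shows that a 1 GiB allocation then fails with MemoryError inside the child rather than taking memory from the host, while the parent is untouched. The 512 MiB cap and the allocation sizes are values picked for the demonstration, and it assumes Linux, where RLIMIT_AS is enforced on mmap; on other platforms the limit may not be honoured.

```python
import os
import resource

MiB = 1024 * 1024


def run_with_address_space_limit(limit_bytes, alloc_bytes):
    """Fork a child, cap its address space with RLIMIT_AS, and let it try one
    allocation of alloc_bytes.

    Returns "refused" if the child hit MemoryError (the limit did its job),
    "allocated" if the allocation went through, or "error" otherwise.
    The limit is applied only in the child, so the caller is unaffected.
    """
    pid = os.fork()
    if pid == 0:  # child process
        code = 2
        try:
            soft, hard = resource.getrlimit(resource.RLIMIT_AS)
            # An unprivileged process cannot raise its hard limit, so stay under it.
            if hard != resource.RLIM_INFINITY:
                limit_bytes = min(limit_bytes, hard)
            # Soft and hard set together: the child cannot lift the cap again.
            resource.setrlimit(resource.RLIMIT_AS, (limit_bytes, limit_bytes))
            try:
                bytearray(alloc_bytes)   # zero-filled, so it really claims the pages
                code = 1
            except MemoryError:
                code = 0
        finally:
            os._exit(code)               # never fall back into the parent's code
    _, status = os.waitpid(pid, 0)
    if os.WIFEXITED(status):
        return {0: "refused", 1: "allocated"}.get(os.WEXITSTATUS(status), "error")
    return "error"


def current_limit():
    """(soft, hard) RLIMIT_AS of this process; RLIM_INFINITY means no cap."""
    return resource.getrlimit(resource.RLIMIT_AS)


if __name__ == "__main__":
    print("RLIMIT_AS in this process:", current_limit())
    print("1 GiB allocation under a 512 MiB cap:",
          run_with_address_space_limit(512 * MiB, 1024 * MiB))
    print("1 MiB allocation under a 2 GiB cap:",
          run_with_address_space_limit(2048 * MiB, 1 * MiB))
```

For a long-running Zope process the same cap is normally set once in the start script with the shell's `ulimit -v` (virtual memory, in KiB) before the interpreter starts, or by whatever supervisor launches it. The process dies when it hits the wall, which is exactly the trade Anthony describes: a restart of one service instead of a host with no memory left for anything.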


Re: [Zope-dev] How (in)secure is Zope?

2003-03-13 Thread Shane Hathaway
On Thu, 13 Mar 2003, Toby Dickenson wrote:

 On Thursday 13 March 2003 5:21 am, Shane Hathaway wrote:
 
   The only vulnerability would involve
  trusted users who want to vandalize Zope.  So even though there have
  been many hotfixes, they are irrelevant--Zope is still secure. (Unless
  you can't trust your trusted users, which is a different problem.)
 
 Of course you can't *completely* trust your trusted users. That's why we have 
 separate user accounts, and separate roles.
 
 IMO:
 Zope is sufficiently vulnerable to abuse from trusted users to justify 
 concern. The normal Zope development model is to consider normal Python code 
 as trusted - normal Python code can do anything without security checks. Zope 
 has many normal Python methods that can be called by through-the-web code 
 (after permission checking). In Unix terms this is equivalent to having many 
 setuid root programs. IMO concern can be justified without needing to find a 
 specific exploit. From this point of view, Jamie's advocacy of using Unix 
 mechanisms to restrict this 'trusted' Python code is valuable.

I agree with you in principle, but your choice of words leads an outsider
to believe that a vulnerability in Zope's internal security model is a
root exploit.  The truth is that a vulnerability in Zope's internal
security model can only setuid to the privileges of the owner of the
Zope process, and root doesn't own the Zope process.  On most systems,
Zope is owned by an independent, restricted user.  To get root privileges,
the user would still have to make use of a root exploit outside Zope.

Yes, Zope's internal security model is currently too fragile, since any
product can break the barriers, but Zope 3 is working to deal with that.

Shane



Re: [Zope-dev] How (in)secure is Zope?

2003-03-13 Thread Joachim Werner
Christian Tismer wrote:
Dear Zope community,

please excuse my ignorance, but I am asked
from time to time how secure or insecure
Zope actually is, and I always have to say
that I actually don't know.
There are people claiming that Zope opens a system
to quite some level, others claim the opposite.
Can someone please enlighten me and give me some
details? Especially, are there some Zope products
considered especially insecure?
And, pondering more on security, are these issues,
if they exist, bounded to Zope itself, or becomes
a system generally more open to attacks, after
Zope was installed?
I don't mean to offend anybody by this, it is just
a very simple question which I cannot answer alone.
thanks so much in advance -- chris

I think to be fair here we should compare Zope's security to the 
security of other similar tools, not only point out that there still are 
issues in Zope.

It is extremely difficult to write secure web software that is at the 
same time highly interactive. If you want people to be able to do a lot 
with your system you will also have to open it up to some degree.

My basic opinion is that Zope is one of the most secure solutions for 
dynamic web applications.

Some of the issues that have not been talked about in the previous postings:

- Products that let you access the file system:

There are a number of products (like LocalFS) that let you access the 
file system directly. While this is not always a problem, one has to be 
extremely careful with those because they circumvent Zope's access 
limitations to the file system. Of course you are still restricted to 
the user Zope is running as ...

- Products or methods that can use up a lot of resources:

I can think of a couple of ways of using up most of the resources on a 
Zope system:

  - Using PIL (Python Imaging Library) without care: Let's say you offer
an automatic image scaling tool to your users that can be called via
a URL. Then it is relatively easy for an attacker to let PIL create
huge images that might take several seconds to render and use up
tens of megabytes of RAM. Doing this in a massive way will bring the
server to a halt. There are similar exploits using other resource-
intensive software, so this is just an example.
Note that this is not a Zope design flaw, but a potential danger
when being too careless in extending Zope.
  - Uploading huge files: This can effectively be handled by a proxy
server (Apache can also limit most other DOS-related parameters
quite efficiently)
  - Doing things that are perfectly allowed too frequently, like
hammering the over-the-web registration tool with a robot: This
has to be taken care of by the programmer. I'd guess that most of
the servers out there (Zope or non-Zope) are not perfect in that
respect. Again, Apache might help here.
  - Writing malicious code that loops forever etc. This is a part
where Zope's security works quite well, but it is not perfect.
There are no infinite loops or recursions because you'll
eventually get stopped by Zope or Python. But I remember that I
was able to write a three-liner in a (Script) Python that had a
flaw and caused an enormous system load before it was terminated.
The only way to stop this is careful coding. In a very public
environment I'd limit the scripting available to site visitors to
very simple tools like structured text. As soon as somebody
untrusted can write code there is no way of preventing DOS-type
attacks. Powerful tools are powerful. It's like guns: They cannot
be built to only kill the bad guys ...
- Cross-scripting issues:

I guess that some of those are still in the Zope Management Interface 
(which is not meant to be used by untrusted users in most cases), but 
Zope offers a lot of tools to make sure that it is hard to post 
malicious code in forums, attack Zope via URLs etc.

For example there are quoting mechanisms in place, either automatic or 
easily applicable, that can be used to protect SQL strings, URLs, and 
text that is displayed on the site. The majority of exploits in PHP- or 
Perl-based solutions is in this domain.

It is safe to say Zope is more secure than most other web application 
servers (protection against buffer overflows, limited access to the 
system's resources, very limited file system access, quoting mechanisms, 
secure SQL database access, very sophisticated internal security model), 
but Zope is not a firewall. If you don't take care there is some chance 
of DOS attacks. On the other hand I am quite positive that Zope is very 
secure in terms of preventing unauthorized access to the system (root 
exploits etc.).

Joachim

--

iuveno AG

Joachim Werner

_

Wittelsbacherstr. 23b
90475 Nürnberg
[EMAIL PROTECTED]
www.iuveno.de
Tel.: +49 (0) 911/ 9 88 39 84

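
Joachim's PIL scenario (a URL-driven scaler that will happily build a huge image) is a "check the request before allocating" problem. The block below is an added example, not from the page and not PIL's code: it reads width and height from a PNG's IHDR chunk, which sits in the first 33 bytes, without decoding any pixel data, and refuses either a source image or a requested output size whose pixel count exceeds a cap, so the scaler never allocates the buffer at all. `MAX_PIXELS`, `ImageRequestRejected`, `make_png_header` and the sample inputs are constructed for the example; it handles PNG only, and the same gate for JPEG would read the dimensions from the SOF marker instead.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_PIXELS = 4_000_000   # example cap applied to both source and requested output


class ImageRequestRejected(Exception):
    """Raised before any pixel buffer exists; the caller maps it to a 4xx."""


def png_dimensions(data):
    """Return (width, height) from a PNG's IHDR chunk without decoding pixels.

    Only the 8-byte signature and the first chunk are inspected, so the cost
    is the same for a 10-pixel file and one claiming to be 100000x100000.
    """
    if data[:8] != PNG_SIGNATURE:
        raise ImageRequestRejected("not a PNG")
    if len(data) < 8 + 8 + 13 + 4:
        raise ImageRequestRejected("truncated PNG header")
    length, ctype = struct.unpack(">I4s", data[8:16])
    if ctype != b"IHDR" or length != 13:
        raise ImageRequestRejected("first chunk is not a valid IHDR")
    ihdr = data[16:29]
    (crc_stored,) = struct.unpack(">I", data[29:33])
    if zlib.crc32(b"IHDR" + ihdr) & 0xFFFFFFFF != crc_stored:
        raise ImageRequestRejected("IHDR CRC mismatch")
    width, height = struct.unpack(">II", ihdr[:8])
    return width, height


def check_scale_request(data, target_w, target_h, max_pixels=MAX_PIXELS):
    """Gate for a URL-driven scaler: validate the cheap facts first, then the
    declared source size, and only then let the caller decode and resize."""
    if target_w <= 0 or target_h <= 0:
        raise ImageRequestRejected("target size must be positive")
    if target_w * target_h > max_pixels:
        raise ImageRequestRejected("requested output of %d pixels exceeds cap"
                                   % (target_w * target_h))
    w, h = png_dimensions(data)
    if w == 0 or h == 0:
        raise ImageRequestRejected("zero-sized image")
    if w * h > max_pixels:
        raise ImageRequestRejected("source image of %d pixels exceeds cap"
                                   % (w * h))
    return (w, h), (target_w, target_h)


def make_png_header(width, height):
    """Constructed test data: signature plus a valid IHDR (no IDAT), which is
    all the gate looks at."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    crc = zlib.crc32(b"IHDR" + ihdr) & 0xFFFFFFFF
    return (PNG_SIGNATURE + struct.pack(">I", 13) + b"IHDR" + ihdr
            + struct.pack(">I", crc))


def scale_decision(data, target_w, target_h):
    """'accept', or 'reject: <reason>', for the examples below."""
    try:
        check_scale_request(data, target_w, target_h)
        return "accept"
    except ImageRequestRejected as exc:
        return "reject: %s" % exc


if __name__ == "__main__":
    print(scale_decision(make_png_header(640, 480), 800, 600))
    print(scale_decision(make_png_header(100000, 100000), 100, 100))
    print(scale_decision(make_png_header(640, 480), 50000, 50000))
```

Current Pillow releases carry a comparable cap on the source side (`Image.MAX_IMAGE_PIXELS`, checked when the file is opened), but the second check, the size of the output a visitor asks for through the URL, is always the application's own responsibility, which is Joachim's point about careless extensions rather than about Zope.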

Re: [Zope-dev] install complains about 'invalid' Python files

2003-03-13 Thread Lennart Regebro
[EMAIL PROTECTED] wrote:
When I run the Zope install script on a freshly installed Zope, and my
Product is already there, it complains that the *.py scripts (aimed for
import) would be invalid, because there are return-, but no def statements.
Thus, installation fails; I must first remove my product.

This may be completely daft, but my first reaction is that files with 
Zope Python scripts maybe should have separate file extensions, since 
they aren't valid Python files. .pys, maybe?



Re: [Zope-dev] How (in)secure is Zope?

2003-03-13 Thread Chris McDonough
Hi Jamie,

I'm wondering if you might consider applying for checkin privileges. 
The host header issue that you've uploaded several patches for is a
bona fide problem for some users, but I think that most people with
checkin privs feel that it isn't sufficiently dangerous to the majority
of users to take the time out to review all of your patches and vouch
for them via a checkin (this might take a day or so to do). OTOH, if you
could just check them in yourself, you would no longer feel
disenfranchised.

The process for obtaining checkin privileges is documented here:  

http://dev.zope.org/CVS/ContributorIntroduction

HTH,

- C


On Thu, 2003-03-13 at 06:42, Jamie Heilman wrote:
 Max M wrote:
  A statement like that without an argument is worthless in a discussion. 
  You need to elaborate as we cannot read your mind and see what lies 
  behind the statement.
 
 My statement wasn't really aimed at you, sorry, I'm not playing fair.
 My statement was aimed at people who don't have to read my mind
 because they've been informed, and I'm making it in a public forum to
 be a pain in the ass.
 
 I've already mentioned I have outstanding security related bugs in the
 collector, and as Toby noted I've been vocal on the value of process
 separation and resource limits.  This isn't a coincidence.
 
 Without properly configured resource limits, it is trivial to use an
 exposed Zope instance to exhaust host resources.  This isn't entirely
 Zope's problem, this is usually an issue of misconfiguration.  For
 example, until Zope 2.6, ZServer imposed no length limits on HTTP
 request headers.  (These headers are read directly into memory, thus
 it was fairly easy to exhaust the memory of a host without resource
 limits.) When I found that out I reported it as a bug, and it was
 promptly addressed. (kudos)  Now it could easily be argued, and I
 wouldn't be inclined to really disagree, that header length limits
 should be configured by the fronting server.  What I didn't appreciate
 at the time is just how important a front-end proxy server is for
 Zope.  If you expose Zope to a hostile network, it is mandatory.  So
 now I don't consider this kind of thing a bug in Zope, unless Zope
 happens to make it possible to drastically amplify the effects of such
 an attack, (at which point crashing zope by running it into a resource
 limit becomes trivial) and a front-end proxy is unable or unlikely to
 thwart the attack.
 
 Zope's bug collector hides security related bugs until they are deemed
 worthy of display by the controllers.  Personally I think full
 disclosure is preferable to secrecy, but I'm willing to play by the
 rules laid down as long as I think the system is working for the
 general benefit of the community.  You may have noticed I haven't been
 terribly secretive about recent cross site scripting or cache
 poisoning issues, and that can be attributed to, in part, my growing
 dissatisfaction with the system.
 
 -- 
 Jamie Heilman   http://audible.transient.net/~jamie/
 Paranoia is a disease unto itself, and may I add, the person standing
  next to you may not be who they appear to be, so take precaution.
   -Sathington Willoughby
 





Re: [Zope-dev] Session Errors

2003-03-13 Thread Chris McDonough
John,

Which Zope 2.6?  Zope 2.6.1?  Here's what line 807 of the current
Transience.py looks like:

v = self._data[b].get(k, notfound)

Does yours look like that?

What is the value of the __version__ variable at the top of the
Transience.py file?

On Thu, 2003-03-13 at 07:11, John Eikenberry wrote:
 Since upgrading to Zope-2.6 we've been getting KeyErrors when using
 Sessions. They seem to happen more now that we've started using
 hasSessionData(), but I'm pretty sure they happened prior to that.
 
 Anyways, here are the 2 related tracebacks. Has anyone else seen these?
 
 Traceback #1 occurs most frequently. The KeyError's value is an unprintable
 string of non-ascii characters.
 
 * Module ZPublisher.Publish, line 150, in publish_module
 * Module ZPublisher.Publish, line 114, in publish
 * Module Zope.App.startup, line 182, in
   zpublisher_exception_hook
 * Module ZPublisher.Publish, line 98, in publish
 * Module ZPublisher.mapply, line 88, in mapply
 * Module ZPublisher.Publish, line 39, in call_object
 * Module App.special_dtml, line 61, in __call__
 * Module DocumentTemplate.DT_String, line 474, in __call__
 * Module Products.Transience.Transience, line 342, in nudge
 * Module Products.Transience.Transience, line 467, in _getCurrentBucket
 * Module Products.TemporaryFolder.LowConflictConnection, line 34, in
   setstate
 * Module Products.TemporaryFolder.TemporaryStorage, line 94, in load
 KeyError:
 
 Traceback #2 happens less frequently, though today it seemed like it was
 trying to catch up (3 of these today).
 
 * Module ZPublisher.Publish, line 98, in publish
 * Module ZPublisher.mapply, line 88, in mapply
 * Module ZPublisher.Publish, line 39, in call_object
 * Module OFS.DTMLMethod, line 126, in __call__
 * Module DocumentTemplate.DT_String, line 474, in __call__
 * Module Products.DotOrg.Pages.KContent, line 149, in __call__
 * Module Products.DotOrg.Pages.KContent, line 194, in getEditInfo
 * Module Products.DotOrg.Pages.KContent, line 506, in hasSessionData
 * Module Products.Sessions.SessionDataManager, line 101, in hasSessionData
 * Module Products.Sessions.SessionDataManager, line 175, in
   _hasSessionDataObject
 * Module Products.Transience.Transience, line 838, in has_key
 * Module Products.Transience.Transience, line 807, in get
 
 KeyError: 1047409860 
 
 
 -- 
 
 John Eikenberry [EMAIL PROTECTED]
 __
 A society that will trade a little liberty for a little order
  will deserve neither and lose both.
   --B. Franklin
 





Re: [Zope-dev] install complains about 'invalid' Python files

2003-03-13 Thread THerp

Lennart Regebro wrote:
 [EMAIL PROTECTED] wrote:
  When I run the Zope install script on a freshly installed Zope, and my
  Product is already there, it complains that the *.py scripts (aimed for
  import) would be invalid, because there are return-, but no def
statements.
  Thus, installation fails; I must first remove my product.

 This may be completely daft, but my first reaction is that files with
 Zope python scripts maybe should have separate file extentions, since
 they aren't valid python files. .pys, maybe?

Well, I wanted to avoid this. But since this seems to be the only
possibility, I'll use .zpy instead (Zope PYthon script) and tell vim to
highlight them as Python.

Thanks,

Tobias





Re: [Zope-dev] install complains about 'invalid' Python files

2003-03-13 Thread Stefan H. Holek
You cannot rely on the Zope install script to handle add-on products well, 
if at all. The same issue wrt .py extensions is present in the CMF skins. 
So I guess the answer is: Don't do it that way. They are called add-on 
products for a reason ;-)

Stefan

--On Thursday, 13 March 2003 14:00 +0100 [EMAIL PROTECTED] wrote:

When I run the Zope install script on a freshly installed Zope, and my
Product is already there, it complains that the *.py scripts (aimed for
import) would be invalid, because there are return-, but no def
statements. Thus, installation fails; I must first remove my product.
My question: is it possible to tell the install script not to compile a
certain directory subtree, e.g. placing a certain file somewhere?
--
Those who write software only for pay should go hurt some other field.
/Erik Naggum/


Re: [Zope-dev] How (in)secure is Zope?

2003-03-13 Thread Chris McDonough
On Thu, 2003-03-13 at 10:26, Toby Dickenson wrote:
 I suspect most people with checkin privileges don't know about this problem, 
 because it won't have been sent to the public mailman list.

True.  I really don't know which set of committers gets the
security-related emails from that collector.  I do, somehow.  Other
folks at ZC do as well.  If something really bad comes up, someone
typically sounds the alarm and we put out a hotfix ASAP.

I think this particular problem occurs in a sufficiently narrow set of
circumstances that we didn't go into helmet fire mode on it (e.g. I
think the consensus is it should be fixed in an upcoming release, but it
doesn't require a hotfix).  That said, this is a guess (and a judgement
call), I haven't discussed it with anyone else.

- C





Re: [Zope-dev] How (in)secure is Zope?

2003-03-13 Thread Steve Alexander

I suspect most people with checkin privileges don't know about this problem, 
because it won't have been sent to the public mailman list.

Perhaps an email can be sent out saying

  Issue number 1234.
  Temporarily restricted pending security review.
  http://url.to.get.it.if.you.are.logged.in
Then, I'd be able to follow the link, authenticate, and read the issue.

--
Steve Alexander




Re: [Zope-dev] How (in)secure is Zope?

2003-03-13 Thread Chris McDonough
This is a good idea.  I'll add an issue to the collector collector.

- C


On Thu, 2003-03-13 at 11:10, Steve Alexander wrote:
 
  I suspect most people with checkin privileges don't know about this problem, 
  because it won't have been sent to the public mailman list.
 
 Perhaps an email can be sent out saying
 
Issue number 1234.
Temporarily restricted pending security review.
http://url.to.get.it.if.you.are.logged.in
 
 Then, I'd be able to follow the link, authenticate, and read the issue.
 
 --
 Steve Alexander
 
 
 
 





Re: [Zope-dev] How (in)secure is Zope?

2003-03-13 Thread Florent Guillaume
In article [EMAIL PROTECTED] you write:
 - Cross-scripting issues:
 
 I guess that some of those are still in the Zope Management Interface 
 (which is not meant to be used by untrusted users in most cases), but 
 Zope offers a lot of tools to make sure that it is hard to post 
 malicious code in forums, attack Zope via URLs etc.

I've worked hard to remove all those in the DTML code. I've not audited
the rest of the python code that generates HTML directly (code that
should be taken out and shot), but I think there are patches for those
in the collector.

Florent

-- 
Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 87  http://nuxeo.com  mailto:[EMAIL PROTECTED]



Re: [Zope-dev] How (in)secure is Zope?

2003-03-13 Thread Martijn Pieters
On Thu, Mar 13, 2003 at 06:11:32PM +0100, Florent Guillaume wrote:
 In article [EMAIL PROTECTED] you write:
  - Cross-scripting issues:
  
  I guess that some of those are still in the Zope Management Interface 
  (which is not meant to be used by untrusted users in most cases), but 
  Zope offers a lot of tools to make sure that it is hard to post 
  malicious code in forums, attack Zope via URLs etc.
 
 I've worked hard to remove all those in the DTML code. I've not audited
 the rest of the python code that generates HTML directly (code that
 should be taken out and shot), but I think there are patches for those
 in the collector.

And Florent's patches came on top of my DTML pro-active anti-HTML-from-
REQUEST-sourced-data changes that cause all outside strings to be HTML
quoted if they could *possibly* be used to construct HTML tags.

Some of my changes included taking out some of the directly-HTML-generating
python code to be shot without trial.

-- 
Martijn Pieters
| Software Engineer  mailto:[EMAIL PROTECTED]
| Zope Corporation   http://www.zope.com/
| Creators of Zope   http://www.zope.org/
-



[Zope-dev] Re: [Zope3-dev] How (in)secure is Zope?

2003-03-13 Thread Christian Tismer
Tim Peters wrote:
[Christian Tismer]

...
I don't mean to offend anybody by this, it is just
a very simple question which I cannot answer alone.


There may be a simple question hiding in this, but it's hard to find <wink>.

You try:  how secure is sendmail?  how secure is ssh?  how secure is Python?
Answer those simple(?!) questions in the way you're looking for, and maybe
someone can do the same wrt Zope.  As is, you *appear* to be asking for a
one-word summary of an encyclopedia.  Big wink.
Hey, you're right.
Maybe, by simple question I meant short question,
not necessarily easy to answer at all. :-)
For the sysadmin's POV, I think it should be formulated
like:
If I install Zope, and I don't have the time to become
a Zope guru, what are the newly accumulated risks
for my system, if I use the default installation?
The biggest fear would probably be a number of known
exploits, and Joe Hacker just has to download some
of those tools, and the system is open.
It appears that at least *that* is not the case.
I think the answers given on the list were quite
useful, thanks to you all!
cheers - chris

p.s.: sendmail? ssh? Python?
Security exploits are discussed in the bugtraq list.
I can find them all in the list archive.
What about Zope? It is not in bugtraq.
--
Christian Tismer :^)   mailto:[EMAIL PROTECTED]
Mission Impossible 5oftware  : Have a break! Take a ride on Python's
Johannes-Niemeyer-Weg 9a :*Starship* http://starship.python.net/
14109 Berlin : PGP key - http://wwwkeys.pgp.net/
work +49 30 89 09 53 34  home +49 30 802 86 56  pager +49 173 24 18 776
PGP 0x57F3BF04   9064 F4E1 D754 C2FF 1619  305B C09C 5A3B 57F3 BF04
 whom do you want to sponsor today?   http://www.stackless.com/


[Zope-dev] Re: [Zope3-dev] How (in)secure is Zope?

2003-03-13 Thread Paul Winkler
On Wed, Mar 12, 2003 at 09:39:02PM -0500, Tres Seaver wrote:
 Now let me describe another configuration, running in production now for
 years (one process in the cluster had an uptime of 400 days at a recent
 hardware-induced reboot):
 
   - Two Zope application servers run behind a load balancer and an
 Apache proxy (non-caching), serving requests against data in a
 shared storage server.
 
   - The server permits through-the-web registration, with minimal
 identity check (only a valid e-mail address).  As of this writing,
 there are 18000+ user accounts.
 
   - Users of the site get a member folder where they can create
 templates, Python scripts, and content within the ZODB.  Some
 minimal workflow exists, controlling basically whether the user's
 content is included in site searches.

Hmmm, I wonder what this site is. ;-)

-- 

Paul Winkler
http://www.slinkp.com
Look! Up in the sky! It's GIRL ATHON!
(random hero from isometric.spaceninja.com)



Re: [Zope-dev] Session Errors

2003-03-13 Thread John Eikenberry

Sorry, it's Zope 2.6.1.

Chris McDonough wrote:

 John,
 
 Which Zope 2.6?  Zope 2.6.1?  Here's what line 807 of the current
 Transience.py looks like:
 
 v = self._data[b].get(k, notfound)
 
 Does yours look like that?

Yes.

 What is the value of the __version__ variable at the top of the
 Transience.py file?

__version__='$Revision: 1.28.6.4 $'[11:-2]

 
 On Thu, 2003-03-13 at 07:11, John Eikenberry wrote:
  Since upgrading to Zope-2.6 we've been getting KeyErrors when using
  Sessions. They seem to happen more now that we've started using
  hasSessionData(), but I'm pretty sure they happened prior to that.
  
  Anyways, here are the 2 related tracebacks. Has anyone else seen these?
  
  Traceback #1 occurs most frequently. The KeyError's value is an unprintable
  string of non-ascii characters.
  
  * Module ZPublisher.Publish, line 150, in publish_module
  * Module ZPublisher.Publish, line 114, in publish
  * Module Zope.App.startup, line 182, in
zpublisher_exception_hook
  * Module ZPublisher.Publish, line 98, in publish
  * Module ZPublisher.mapply, line 88, in mapply
  * Module ZPublisher.Publish, line 39, in call_object
  * Module App.special_dtml, line 61, in __call__
  * Module DocumentTemplate.DT_String, line 474, in __call__
  * Module Products.Transience.Transience, line 342, in nudge
  * Module Products.Transience.Transience, line 467, in _getCurrentBucket
  * Module Products.TemporaryFolder.LowConflictConnection, line 34, in
setstate
  * Module Products.TemporaryFolder.TemporaryStorage, line 94, in load
  KeyError:
  
  Traceback #2 happens less frequently, though today it seemed like it was
  trying to catch up (3 of these today).
  
  * Module ZPublisher.Publish, line 98, in publish
  * Module ZPublisher.mapply, line 88, in mapply
  * Module ZPublisher.Publish, line 39, in call_object
  * Module OFS.DTMLMethod, line 126, in __call__
  * Module DocumentTemplate.DT_String, line 474, in __call__
  * Module Products.DotOrg.Pages.KContent, line 149, in __call__
  * Module Products.DotOrg.Pages.KContent, line 194, in getEditInfo
  * Module Products.DotOrg.Pages.KContent, line 506, in hasSessionData
  * Module Products.Sessions.SessionDataManager, line 101, in hasSessionData
  * Module Products.Sessions.SessionDataManager, line 175, in
_hasSessionDataObject
  * Module Products.Transience.Transience, line 838, in has_key
  * Module Products.Transience.Transience, line 807, in get
  
  KeyError: 1047409860 
  
  
  -- 
  
  John Eikenberry [EMAIL PROTECTED]
  __
  A society that will trade a little liberty for a little order
   will deserve neither and lose both.
--B. Franklin
  
 
 

-- 

John Eikenberry [EMAIL PROTECTED]
__
A society that will trade a little liberty for a little order
 will deserve neither and lose both.
  --B. Franklin



Re: [Zope-dev] Session Errors

2003-03-13 Thread Chris McDonough
Hi John,

Can you apply the attached diff to your Transience.py file and run with
it in place for a couple of days?  It will not fix the problem (the
symptoms will remain) but it should print some diagnostic information to
the Zope event log (the STUPID_LOG_FILE, hopefully you've got that
going) that will help us track down what this might be.

Once you notice it happen, send the relevant parts of your logfile to me
and I will see if I can analyze it.

- C




On Thu, 2003-03-13 at 15:19, John Eikenberry wrote:
 
 Sorry, it's Zope 2.6.1.
 
 Chris McDonough wrote:
 
  John,
  
  Which Zope 2.6?  Zope 2.6.1?  Here's what line 807 of the current
  Transience.py looks like:
  
  v = self._data[b].get(k, notfound)
  
  Does yours look like that?
 
 Yes.
 
  What is the value of the __version__ variable at the top of the
  Transience.py file?
 
 __version__='$Revision: 1.28.6.4 $'[11:-2]
 
  
  On Thu, 2003-03-13 at 07:11, John Eikenberry wrote:
   Since upgrading to Zope-2.6 we've been getting KeyErrors when using
   Sessions. They seem to happen more now that we've started using
   hasSessionData(), but I'm pretty sure they happened prior to that.
   
   Anyways, here are the 2 related tracebacks. Has anyone else seen these?
   
   Traceback #1 occurs most frequently. The KeyError's value is an unprintable
   string of non-ascii characters.
   
   * Module ZPublisher.Publish, line 150, in publish_module
   * Module ZPublisher.Publish, line 114, in publish
   * Module Zope.App.startup, line 182, in
 zpublisher_exception_hook
   * Module ZPublisher.Publish, line 98, in publish
   * Module ZPublisher.mapply, line 88, in mapply
   * Module ZPublisher.Publish, line 39, in call_object
   * Module App.special_dtml, line 61, in __call__
   * Module DocumentTemplate.DT_String, line 474, in __call__
   * Module Products.Transience.Transience, line 342, in nudge
   * Module Products.Transience.Transience, line 467, in _getCurrentBucket
   * Module Products.TemporaryFolder.LowConflictConnection, line 34, in
 setstate
   * Module Products.TemporaryFolder.TemporaryStorage, line 94, in load
   KeyError:
   
   Traceback #2 happens less frequently, though today it seemed like it was
   trying to catch up (3 of these today).
   
   * Module ZPublisher.Publish, line 98, in publish
   * Module ZPublisher.mapply, line 88, in mapply
   * Module ZPublisher.Publish, line 39, in call_object
   * Module OFS.DTMLMethod, line 126, in __call__
   * Module DocumentTemplate.DT_String, line 474, in __call__
   * Module Products.DotOrg.Pages.KContent, line 149, in __call__
   * Module Products.DotOrg.Pages.KContent, line 194, in getEditInfo
   * Module Products.DotOrg.Pages.KContent, line 506, in hasSessionData
   * Module Products.Sessions.SessionDataManager, line 101, in hasSessionData
   * Module Products.Sessions.SessionDataManager, line 175, in
 _hasSessionDataObject
   * Module Products.Transience.Transience, line 838, in has_key
   * Module Products.Transience.Transience, line 807, in get
   
   KeyError: 1047409860 
   
   
   -- 
   
   John Eikenberry [EMAIL PROTECTED]
   __
   A society that will trade a little liberty for a little order
will deserve neither and lose both.
 --B. Franklin
   
  
  
 
 -- 
 
 John Eikenberry [EMAIL PROTECTED]
 __
 A society that will trade a little liberty for a little order
  will deserve neither and lose both.
   --B. Franklin
 

? btreecheck.diff
? kedaipatch
Index: Transience.py
===
RCS file: /cvs-repository/Zope/lib/python/Products/Transience/Transience.py,v
retrieving revision 1.28.6.4
diff -r1.28.6.4 Transience.py
34a35
 from BTrees.check import check, display
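Review bot: `display` is imported alongside `check` in the `34a35` hunk, but none of the visible lines call it; unless the cut-off tail of the `807c809,830` hunk dumps the tree with it (presumably into the `StringIO` imported in the next hunk), drop it from the import so the diagnostic patch does not leave an unused name behind.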
45a47
 from cStringIO import StringIO
807c809,830
 v = self._data[b].get(k, notfound)
---
 try:
 v = self._data[b].get(k, notfound)
 except KeyError:
 LOG('Transience', WARNING,
 'KeyError raised in get, checking _data BTree')
 try:
 check(self._data)
   
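Review bot: in the `807c809,830` hunk the `except KeyError:` wraps both the outer lookup `self._data[b]` and the bucket's `.get(k, notfound)`; since `get` already takes a default, a KeyError here most plausibly comes from the `[b]` subscript, and `check(self._data)` only validates that outer tree, not the bucket. Log `b` and `k` together with the warning so the log line is actionable, and once the diagnostics are written re-raise the original KeyError so the observable failure stays as the covering mail promises ("the symptoms will remain"); the hunk is truncated here, so that re-raise is not visible and should be confirmed.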

Re: [Zope-dev] Proposed installation changes for review

2003-03-13 Thread Adrian van den Dries
On March 10, Fred L. Drake, Jr. wrote:
 I'm not sure what you mean; it sounds like you're looking for either
 DBTab-style mounts or something different.  Please describe the
 configuration so we can be sure that there's some way to support it.

Yes, DBTab-style mounts are what I'm looking for.  

Shane says, 

 Hopefully, Zope 2.7 will integrate DBTab's functionality.

I took that at face value and assumed the rest of the crowd knew about
it.

DBTab's only limitation is that it has hard-coded storage types (most
notably lacking is DirectoryStorage).  The way I see this resolved is
that DBTab knows nothing about storage types, but instead provides a
mechanism for each storage to declare its configuration to ZConfig.
I'm guessing the way to do that is to provide a ZConfig schema for
each storage that declares what it needs configured, and a mount-point
just needs a valid storage directive.  Is this possible?

I would also like to see the mounting mechanism work outside of Zope,
so that you can partition a standalone ZODB application.  That is
outside the immediate scope of this thread, but something perhaps to
keep in mind.

a.

-- 
 Adrian van den Dries   [EMAIL PROTECTED]
 Development team   www.dev.flow.com.au
 FLOW Communications Pty. Ltd.  www.flow.com.au



Re: [Zope-dev] How (in)secure is Zope?

2003-03-13 Thread Adrian van den Dries
On March 13, Lennart Regebro wrote:
 2. Protecting yourself from packet snooping:
 Zope doesn't have any encryption built-in, SSL needs external software 
 to implement fro example.
 
 In this sense Zope can be MADE secure with some work, but is not secure 
 at all out of the box.

Speaking of which, does anyone have any strategies for doing a
combination HTTP/HTTP-S setup, ie, where anonymous requests are HTTP,
and all authenticated requests are encrypted?

Specifically, Zope has no way of knowing beforehand that access to a
resource will throw an Unauthorized error, and when it does, it just
sends a WWW-Authenticate header, and the browser retries the request
with the supplied header.  We want to enforce that passwords are never
solicited without SSL.

One way is probably to use CookieCrumbler and hack it to rewrite
came_from so s/^http/https/.  Is there a way that doesn't require
hacking?

a.

-- 
 Adrian van den Dries   [EMAIL PROTECTED]
 Development team   www.dev.flow.com.au
 FLOW Communications Pty. Ltd.  www.flow.com.au



Re: [Zope-dev] How (in)secure is Zope?

2003-03-13 Thread Dave Hall
On Fri, Mar 14, 2003 at 09:19:55AM +1100, Adrian van den Dries wrote:
 On March 13, Lennart Regebro wrote:
  2. Protecting yourself from packet snooping:
  Zope doesn't have any encryption built-in, SSL needs external software 
  to implement fro example.
  
  In this sense Zope can be MADE secure with some work, but is not secure 
  at all out of the box.
 
 Speaking of which, does anyone have any strategies for doing a
 combination HTTP/HTTP-S setup, ie, where anonymous requests are HTTP,
 and all authenticated requests are encrypted?

If you're front-ending with Apache, you could have a rewrite rule that
would send an HTTP redirect if there are authentication credentials in the
request. It still means one trip across the net with credentials in the
clear.  Not useful if you are using SSL for privacy but useful if you are
using SSL for authenticity.

 Specifically, Zope has no way of knowing beforehand that access to a
 resource will throw an Unauthorized error, and when it does, it just
 sends a WWW-Authenticate header, and the browser retries the request
 with the supplied header.  We want to enforce that passwords are never
 solicited without SSL.
 
 One way is probably to use CookieCrumbler and hack it to rewrite
 came_from so s/^http/https/.  Is there a way that doesn't require
 hacking?

You could maybe wrap stuff in a method or object that will catch an Unauthorized
error and return a HTTP redirect to a https:// URL.  When the page is hit
using HTTPS, don't bother checking.

This simplest thing to do would be to do everything over SSL (anonymous or
authenticated).  I do this now with an apache non-SSL virtual host sending
a redirect to the SSL virtual host with the same URI.


-- 

Dave

===
| - You must be smarter than this stick to ride
 the Internet   -Mike Handler
===



[Zope-dev] Conflict reduced BTrees for cataloging

2003-03-13 Thread Dieter Maurer
I am working on a CMS on top of ZODB for large amounts of
large SGML/XML documents.

To speed things up, a colleague started two import processes
and we get incredible amounts of database read conflict errors
from cataloguing (although we already use QueueCatalog for
most indexes).

I think, the data structures used for cataloguing and indexing
could have a def _p_independent(self): return 1.

Does anybody object?

If not, I will implement _p_independent BTrees and friends.


Dieter



Re: [Zope-dev] Pydoc and Zope

2003-03-13 Thread Dieter Maurer
Joachim Werner wrote at 2003-3-12 00:45 +0100:
  I've used Pydoc with Dieter Maurer's patches to browse the Zope
  sourcecode before.
  
  These patches are quite old and probably incompatible with current Zope
  versions.

I expect that only minor changes are necessary to make them
work with Zope 2.1.6:

  *  Initialization moved from Zope/__init__.py to
 Zope/App/startup.py

  *  An explicit call to startup might be necessary.


Dieter



Re: [Zope-dev] Session Errors

2003-03-13 Thread John Eikenberry

Patch applied and the first results are in... so far it's a lot of these:


2003-03-13T15:18:07 PROBLEM(100) Transience KeyError raised in get,
checking _data BTree
--
2003-03-13T15:18:07 PROBLEM(100) Transience BTree check succeeded


Chris McDonough wrote:

 Hi John,
 
 Can you apply the attached diff to your Transience.py file and run with
 it in place for a couple of days?  It will not fix the problem (the
 symptoms will remain) but it should print some diagnostic information to
 the Zope event log (the STUPID_LOG_FILE, hopefully you've got that
 going) that will help us track down what this might be.
 
 Once you notice it happen, send the relevant parts of your logfile to me
 and I will see if I can analyze it.
 
 - C
 
 
 
 
 On Thu, 2003-03-13 at 15:19, John Eikenberry wrote:
  
  Sorry, it's Zope 2.6.1.
  
  Chris McDonough wrote:
  
   John,
   
   Which Zope 2.6?  Zope 2.6.1?  Here's what line 807 of the current
   Transience.py looks like:
   
   v = self._data[b].get(k, notfound)
   
   Does yours look like that?
  
  Yes.
  
   What is the value of the __version__ variable at the top of the
   Transience.py file?
  
  __version__='$Revision: 1.28.6.4 $'[11:-2]
  
   
   On Thu, 2003-03-13 at 07:11, John Eikenberry wrote:
Since upgrading to Zope-2.6 we've been getting KeyErrors when using
Sessions. They seem to happen more now that we've started using
hasSessionData(), but I'm pretty sure they happened prior to that.

Anyways, here are the 2 related tracebacks. Has anyone else seen these?

Traceback #1 occurs most frequently. The KeyError's value is an unprintable
string of non-ascii characters.

* Module ZPublisher.Publish, line 150, in publish_module
* Module ZPublisher.Publish, line 114, in publish
* Module Zope.App.startup, line 182, in
  zpublisher_exception_hook
* Module ZPublisher.Publish, line 98, in publish
* Module ZPublisher.mapply, line 88, in mapply
* Module ZPublisher.Publish, line 39, in call_object
* Module App.special_dtml, line 61, in __call__
* Module DocumentTemplate.DT_String, line 474, in __call__
* Module Products.Transience.Transience, line 342, in nudge
* Module Products.Transience.Transience, line 467, in _getCurrentBucket
* Module Products.TemporaryFolder.LowConflictConnection, line 34, in
  setstate
* Module Products.TemporaryFolder.TemporaryStorage, line 94, in load
KeyError:

Traceback #2 happens less frequently, though today it seemed like it was
trying to catch up (3 of these today).

* Module ZPublisher.Publish, line 98, in publish
* Module ZPublisher.mapply, line 88, in mapply
* Module ZPublisher.Publish, line 39, in call_object
* Module OFS.DTMLMethod, line 126, in __call__
* Module DocumentTemplate.DT_String, line 474, in __call__
* Module Products.DotOrg.Pages.KContent, line 149, in __call__
* Module Products.DotOrg.Pages.KContent, line 194, in getEditInfo
* Module Products.DotOrg.Pages.KContent, line 506, in hasSessionData
* Module Products.Sessions.SessionDataManager, line 101, in hasSessionData
* Module Products.Sessions.SessionDataManager, line 175, in
  _hasSessionDataObject
* Module Products.Transience.Transience, line 838, in has_key
* Module Products.Transience.Transience, line 807, in get

KeyError: 1047409860 


-- 

John Eikenberry [EMAIL PROTECTED]
__
A society that will trade a little liberty for a little order
 will deserve neither and lose both.
  --B. Franklin

   
   
  
  -- 
  
  John Eikenberry [EMAIL PROTECTED]
  __
  A society that will trade a little liberty for a little order
   will deserve neither and lose both.
--B. Franklin
  
 

 ? btreecheck.diff
 ? kedaipatch
 Index: Transience.py
 ===
 RCS file: /cvs-repository/Zope/lib/python/Products/Transience/Transience.py,v
 retrieving revision 1.28.6.4
 diff -r1.28.6.4 Transience.py
 34a35
  from BTrees.check import check, display
 45a47
  from cStringIO import 

Re: [Zope] Re: [Zope-dev] Proposed installation changes for review

2003-03-13 Thread Dieter Maurer
Chris McDonough wrote at 2003-3-11 15:32 -0500:
  On Tue, 2003-03-11 at 15:22, Guido van Rossum wrote:
   
   That's why we're including the correct versions of ZODB and ZEO in
   Zope itself.  That's already the case in Zope 2.6.
  
  Zope 2.6 doesn't yet include ZEO, at least I don't think it does. ;-)

When you make a CVS checkout of the 2.6 branch, it already contains
ZEO.


Dieter



Re: [Zope-dev] Proposed installation changes for review

2003-03-13 Thread Dieter Maurer
Hi Chris,

Chris McDonough wrote at 2003-3-11 18:39 -0500:
  On Tue, 2003-03-11 at 17:11, Dieter Maurer wrote:
 All this is achieved by incorporating the result of hostname
 into the respective environment variables.
 
 I do not know how to do something like this in a configuration
 file (unless it provides for some form of shell functionality).
  
  ZConfig does allow you to declare and use simple bash-style variables
  within a single file,

When the configuration is composed out of components (e.g. for
packages), then some global declarations might be very
useful, i.e. a feature like the global parameters in XSLT.
This would allow having a single place to change all dependent
components (locations are most likely candidates for this feature).

  but currently provides no access to the
  environment.  I suspect we could add something to obtain an envvar value
  within ZConfig.
  
  E.g.:
  
  %define HOSTNAME ${HOSTNAME}
  
  .. then refer to $HOSTNAME in the rest of the config file...
  
  (squiggly brackets would mean obtain from environment).
  
  Do you think this would suffice?

For us, it would.

But the syntax could be a bit more explicit,
maybe ${env HOSTNAME} (a la make, where the first word
in ${...} may be a function).

  Or maybe we just make HOSTNAME and/or
  IP_ADDRESS within a key constant as you describe.

I like access to the environment more.

 - Building and installing the software have become more clearly
   distinct; the installation can be separate from the build.
   
   Seems you make the elementary installation more difficult.
  
  I'm surprised at this assertion.  The most elementary way of install
  under 2.7 is this:
  
  $ cd Zope-src
  $ ./configure 
  {finds suitable Python and reports lack of large file support}
  $ make
  $ make install
  $ /opt/zope/mkzopeinstance /tmp/inst
  {user edits /tmp/inst/etc/zope.conf, which has inline docs}
  $ /tmp/inst/zopectl start
  
  While under 2.6 it's this:
  
  {need to know to configure Python with largefile support}
  $ cd Zope-src
  $ /path/to/python/version/you/want wo_pcgi.py 
  {user finds and reads doc/ENVIRONMENT.txt for envvars}
  {user finds and reads z2.py for command-line switches}
  {user edits the 'start' script with the right switches and envvars}
  $ ./start

I never read ENVIRONMENT.txt; for elementary use, I need
neither read z2.py nor do anything with start.

These things may come later, when newbies are already a bit
acquainted with Zope.


Dieter



[Zope-dev] RE: [Zope3-dev] How (in)secure is Zope?

2003-03-13 Thread Tim Peters
[Christian Tismer]
 ...
 p.s.: sendmail? ssh? Python?
 Security exploits are discussed in the bugtraq list.
 I can find them all in the list archive.
 What about Zope? It is not in bugtraq.

The obvious conclusion is that no security hole has ever been discovered in
Zope.  Whether that's a *correct* conclusion I take no position on, just
that it's the obvious conclusion <wink>.

 I think the answers given on the list were quite
 useful, thanks to you all!

You're welcome.  Don't forget that Zope's source is open, too:  lots of
eyeballs have scanned it, so the potentially dangerous modes of operation
seem well-known in the community.




Re: [Zope-dev] How (in)secure is Zope?

2003-03-13 Thread Jamie Heilman
Chris McDonough wrote:
 I'm wondering if you might consider applying for checkin privileges. 

I've considered it.  I don't think you need any more cooks, maybe just
a few more recipes.

 The host header issue that you've uploaded several patches for is a
 bonafide problem for some users, but I think that most people with
 checkin privs feel that it isn't sufficiently dangerous to the majority
 of users to take the time out to review all of your patches and vouch
 for them via a checkin (this might take a day or so to do).

Well then that either means I'm not explaining it well enough, or I'm
wrong, or something.  What I'm shooting for is some discussion of the
issue, which to use bug 813 as an example, is why I asked for it to be
made public.  Even after going into more explicit detail on the zope
list though I got exactly 0 followups, so I was starting to think
people just didn't really care all that much.  Thankfully this thread
came along...

 OTOH, if you could just check them in yourself, you would no longer
 feel disenfranchised.

I don't actually feel disenfranchised, just confused as to what kind
of commitment to security ZC is making.  My disappointment stems from
my lack of ability to get any feedback on the bugs I've submitted.
It's kinda happening now, but having to kick up dust to make it happen
is less than ideal.

I'm also worried about the amount of reported bugs versus the activity
occurring to fix them.  I understand many of them are probably "I did X
and Y crashed, and gosh I think it might be a security problem in Z."
without any analysis apart from random observation, which is sort of a
pain in the ass to deal with, but they aren't visible, and thus I
worry they aren't all like 493.  (of which 494 is a public dupe <g>)

-- 
Jamie Heilman   http://audible.transient.net/~jamie/
Paranoia is a disease unto itself, and may I add, the person standing
 next to you may not be who they appear to be, so take precaution.
-Sathington Willoughby



Re: [Zope-dev] How (in)secure is Zope?

2003-03-13 Thread Chris McDonough
On Thu, 2003-03-13 at 22:09, Jamie Heilman wrote:
 Chris McDonough wrote:
  I'm wondering if you might consider applying for checkin privileges. 
 
 I've considered it.  I don't think you need any more cooks, maybe just
 a few more recipes.

We have many recipes already.

  The host header issue that you've uploaded several patches for is a
  bonafide problem for some users, but I think that most people with
  checkin privs feel that it isn't sufficiently dangerous to the majority
  of users to take the time out to review all of your patches and vouch
  for them via a checkin (this might take a day or so to do).
 
 Well then that either means I'm not explaining it well enough, or I'm
 wrong, or something.  What I'm shooting for is some discussion of the
 issue, which to use bug 813 as an example, is why I asked for it to be
 made public.  Even after going into more explicit detail on the zope
 list though I got exactly 0 followups, so I was starting to think
 people just didn't really care all that much.  Thankfully this thread
 came along...

It's not that people don't care, it's that there's a lot of work to do,
a limited amount of time to do it in, and people have to choose
carefully what they apply themselves to.  I'm sure you can understand
this.

  OTOH, if you could just check them in yourself, you would no longer
  feel disenfranchised.
 
 I don't actually feel disenfranchised, just confused as to what kind
 of commitment to security ZC is making.

Zope is an open source product, the collector issues make their way to
many folks outside ZC as well.

 My disapointment stems from
 my lack of ability to get any feedback on the bugs I've submitted.
 Its kinda happening now, but having to kick up dust to make it happen
 is less than ideal.

I'm not sure how else to help you.  The bug reports are appreciated, but
we need folks to do the work.

 I'm also worried about the amount of reported bugs versus the activity
 occuring to fix them.  I understand many of them are probably I did X
 and Y crashed, and gosh I think it might be a security problem in Z.
 without any analysis apart from random observation, which is sort of a
 pain in the ass to deal with, but they aren't visible, and thus I
 worry they aren't all like 493.  (of which 494 is a public dupe g)

Which is why we want more cooks.  If you don't want checkin privs,
that's ok, but you'll need to be more patient.

- C





Re: [Zope-dev] Session Errors

2003-03-13 Thread Chris McDonough
OK, thanks John.

I hate to ask this (I should have done this to start with), but would
you be willing to use the following patch --against the original file,
not your recently patched version-- and try again?  I only checked one
of the two BTrees that might be at the heart of the problem with the
first patch, this patch checks the second as well.

- C


On Thu, 2003-03-13 at 18:18, John Eikenberry wrote:
> 
> Patch applied and the first results are in... so far it's a lot of these:
> 
> 
> 2003-03-13T15:18:07 PROBLEM(100) Transience KeyError raised in get,
> checking _data BTree
> --
> 2003-03-13T15:18:07 PROBLEM(100) Transience BTree check succeeded
> 
> 
> Chris McDonough wrote:
> 
> > Hi John,
> > 
> > Can you apply the attached diff to your Transience.py file and run with
> > it in place for a couple of days?  It will not fix the problem (the
> > symptoms will remain) but it should print some diagnostic information to
> > the Zope event log (the STUPID_LOG_FILE, hopefully you've got that
> > going) that will help us track down what this might be.
> > 
> > Once you notice it happen, send the relevant parts of your logfile to me
> > and I will see if I can analyze it.
> > 
> > - C
> > 
> > 
> > On Thu, 2003-03-13 at 15:19, John Eikenberry wrote:
> > > 
> > > Sorry, it's Zope 2.6.1.
> > > 
> > > Chris McDonough wrote:
> > > 
> > > > John,
> > > > 
> > > > Which Zope 2.6?  Zope 2.6.1?  Here's what line 807 of the current
> > > > Transience.py looks like:
> > > > 
> > > > v = self._data[b].get(k, notfound)
> > > > 
> > > > Does yours look like that?
> > > 
> > > Yes.
> > > 
> > > > What is the value of the __version__ variable at the top of the
> > > > Transience.py file?
> > > 
> > > __version__='$Revision: 1.28.6.4 $'[11:-2]
> > > 
> > > > On Thu, 2003-03-13 at 07:11, John Eikenberry wrote:
> > > > > Since upgrading to Zope-2.6 we've been getting KeyErrors when using
> > > > > Sessions. They seem to happen more now that we've started using
> > > > > hasSessionData(), but I'm pretty sure they happened prior to that.
> > > > > 
> > > > > Anyways, here are the 2 related tracebacks. Has anyone else seen these?
> > > > > 
> > > > > Traceback #1 occurs most frequently. The KeyError's value is an unprintable
> > > > > string of non-ascii characters.
> > > > > 
> > > > > * Module ZPublisher.Publish, line 150, in publish_module
> > > > > * Module ZPublisher.Publish, line 114, in publish
> > > > > * Module Zope.App.startup, line 182, in
> > > > >   zpublisher_exception_hook
> > > > > * Module ZPublisher.Publish, line 98, in publish
> > > > > * Module ZPublisher.mapply, line 88, in mapply
> > > > > * Module ZPublisher.Publish, line 39, in call_object
> > > > > * Module App.special_dtml, line 61, in __call__
> > > > > * Module DocumentTemplate.DT_String, line 474, in __call__
> > > > > * Module Products.Transience.Transience, line 342, in nudge
> > > > > * Module Products.Transience.Transience, line 467, in _getCurrentBucket
> > > > > * Module Products.TemporaryFolder.LowConflictConnection, line 34, in
> > > > >   setstate
> > > > > * Module Products.TemporaryFolder.TemporaryStorage, line 94, in load
> > > > > KeyError:
> > > > > 
> > > > > Traceback #2 happens less frequently, though today it seemed like it was
> > > > > trying to catch up (3 of these today).
> > > > > 
> > > > > * Module ZPublisher.Publish, line 98, in publish
> > > > > * Module ZPublisher.mapply, line 88, in mapply
> > > > > * Module ZPublisher.Publish, line 39, in call_object
> > > > > * Module OFS.DTMLMethod, line 126, in __call__
> > > > > * Module DocumentTemplate.DT_String, line 474, in __call__
> > > > > * Module Products.DotOrg.Pages.KContent, line 149, in __call__
> > > > > * Module Products.DotOrg.Pages.KContent, line 194, in getEditInfo
> > > > > * Module Products.DotOrg.Pages.KContent, line 506, in hasSessionData
> > > > > * Module Products.Sessions.SessionDataManager, line 101, in hasSessionData
> > > > > * Module Products.Sessions.SessionDataManager, line 175, in
> > > > >   _hasSessionDataObject
> > > > > * Module Products.Transience.Transience, line 838, in has_key
> > > > > * Module Products.Transience.Transience, line 807, in get
> > > > > 
> > > > > KeyError: 1047409860
> > > > > 
> > > > > 
> > > > > -- 
> > > > > 
> > > > > John Eikenberry [EMAIL PROTECTED]
> > > > > __
> > > > > A society that will trade a little liberty for a little order
> > > > >  will deserve neither and lose both.
> > > > >   --B. Franklin
> > > 
> > > -- 
> > > 
> > > John Eikenberry [EMAIL PROTECTED]
> > > __
> > > A society that will trade a little liberty for a little order
> > >  will deserve neither and lose both.
> > >   --B. Franklin


Re: [Zope-dev] Proposed installation changes for review

2003-03-13 Thread Chris McDonough
On Thu, 2003-03-13 at 16:14, Dieter Maurer wrote:
> > ZConfig does allow you to declare and use simple bash-style variables
> > within a single file,
> 
> When the configuration is composed out of components (e.g. for
> packages), then some global declarations might be very
> useful, i.e. a feature like the global parameters in XSLT.
> This would allow having a single place to change all dependent
> components (locations are most likely candidates for this feature).

OK, I'll add this to the list of desired features as well, thanks.

> > but currently provides no access to the
> > environment.  I suspect we could add something to obtain an envvar value
> > within ZConfig.
> > 
> > E.g.:
> > 
> > %define HOSTNAME ${HOSTNAME}
> > 
> > .. then refer to $HOSTNAME in the rest of the config file...
> > 
> > (squiggly brackets would mean obtain from environment).
> > 
> > Do you think this would suffice?
> 
> For us, it would.
> 
> But the syntax could be a bit more explicit,
> maybe ${env HOSTNAME} (a la make, where the first word
> in ${...} may be a function).

We'll try out a couple different spellings I think.  Currently we
support both $NAME and ${NAME} (I fought hard against the former and
lost), so we'll need to be creative.

 I never read ENVIRONMENT.txt; for elementary use, I need
 neither read z2.py nor do anything with start.
 
 These things may come later, when newbies are already a bit
 acquainted with Zope.

OK.  I think the config file is a bit more approachable for newbies,
especially non-developer newbies who really don't care all that much
about Zope and just want to get it set up for people who are
developers.  But to each his own.

- C



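The thread above debates how a config preprocessor should spell "read this from the environment" when `$NAME` and `${NAME}` are already taken by file-local defines. The following is an added illustration of the semantics under discussion, written for this page; it is not ZConfig's code or grammar, and the `%define`, `$NAME`, `${NAME}` and `${env NAME}` spellings are taken from the messages above as a hypothetical syntax. The sample config and the `ENV` dictionary are constructed. Two choices matter for security: an environment value is substituted literally and never re-scanned for further references (so a value like `$SECRET` cannot pull in another define), and an undefined name is an error rather than an empty string (which would silently turn `/var/zope/$X` into `/var/zope/`).

```python
import os
import re

# Hypothetical syntax, modelled on the proposals in the thread above
# (not ZConfig's real grammar):
#   %define NAME value   -- define NAME; value is expanded once, at definition
#   $NAME or ${NAME}     -- reference a previously defined NAME
#   ${env NAME}          -- read NAME from the process environment
_REF = re.compile(r"\$(?:\{env\s+(\w+)\}|\{(\w+)\}|(\w+))")


def expand(text, defines, environ):
    """Expand all references in one string.

    re.sub never re-scans replacement text, so a value fetched from the
    environment cannot itself smuggle in a further $NAME reference.
    """
    def repl(match):
        env_name, braced, bare = match.groups()
        if env_name is not None:
            if env_name not in environ:
                raise KeyError("environment variable %s is not set" % env_name)
            return environ[env_name]
        name = braced or bare
        if name not in defines:
            # Fail closed: an undefined name must not expand to "".
            raise KeyError("undefined variable %s" % name)
        return defines[name]
    return _REF.sub(repl, text)


def preprocess(config_text, environ=None):
    """Return (expanded non-define lines, defines) for a config fragment."""
    if environ is None:
        environ = os.environ
    defines = {}
    out = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("%define"):
            parts = line.split(None, 2)
            if len(parts) < 3:
                raise ValueError("malformed define: %r" % raw)
            _, name, value = parts
            # Expand at definition time, so later lines see a fixed value.
            defines[name] = expand(value, defines, environ)
            continue
        out.append(expand(raw, defines, environ))
    return out, defines


# Constructed sample config using the hypothetical syntax above.
SAMPLE = """\
%define HOSTNAME ${env HOSTNAME}
%define INSTANCE /var/zope/$HOSTNAME
<server>
  address ${HOSTNAME}:8080
  instance-home ${INSTANCE}
</server>
"""

# Constructed environment, standing in for os.environ.
ENV = {"HOSTNAME": "zope1.example.org"}


if __name__ == "__main__":
    lines, defines = preprocess(SAMPLE, ENV)
    print("\n".join(lines))
    print(defines)
```

Running the module prints the `<server>` block with both references resolved to `zope1.example.org`; swapping `ENV` for one whose value contains `$INSTANCE` shows the literal text surviving unexpanded.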


[Zope-dev] doctors agree on this 8437HMgS5-650GBQi667-19

2003-03-13 Thread inkshop_world_ql254
Stop paying high prices for Inkjet and Laser Cartridges.

We have cartridges for the following printers:

  Apple, Brother, Canon, Epson, Hewlett-Packard, Lexmark, Panasonic,
  Xerox, plus many more!

SAVE up to 85% on all of

ENTER NOW
START TO SAVE

Your email address was subscribed using an online form. Please accept our
apologies if you have been subscribed in error. If you do not wish to
receive future information, click here. We honor all remove requests.