Re: [Zope3-Users] Re: Default value for an interface attribute
How about checking whether the value of 'default' is a callable and if so call it to obtain the default value. Yup... but evaluation of this is done internally by Zope schema package in Field class I think. Seems for me that there is no way to define 'default' as callable. Right. This is an unsupported use case. I bet if someone writes up a proposal and brings it up to discussion on zope3-dev@zope.org we'll find a common solution to this. Please also notice that we're moving to using launchpad more heavily. So if you write a proposal in the wiki, please also submit it as a feature request (blue print) in launchpad for the Zope 3 product. I was playing a bit more with this issue and I realized that formlib fields have 'get_rendered' method which is called to get default values for a field. It is described at 'Computing default values' section in formlib/form.txt. Example from form.txt: class MyAddForm(form.AddFormBase): ... actions = () ... ... def now(self): ... return datetime.datetime(2002, 12, 2, 12, 30) ... ... form_fields = form.Fields( ... form.Fields(IOrder).omit('now'), ... form.Field(IOrder['now'], get_rendered=now), ... ) ... ... def setUpWidgets(self, ignore_request=True): ... super(MyAddForm, self).setUpWidgets(ignore_request) -- Maciej Wisniowski ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] Crash
Our Zope 3.2.1 server is crashing and we cannot determine why. The last entry in the access.log is the following: 218.160.132.172 - - [10/Mar/2007:22:11:45 -0500] CONNECT sextw.com.tw:25 HTTP/1.0 404 0 - - There is no other information to indicate why as far as we can tell. No exceptions, nothing. -- David ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Crash
The last entry in the access.log is the following: 218.160.132.172 - - [10/Mar/2007:22:11:45 -0500] CONNECT sextw.com.tw:25 HTTP/1.0 404 0 - - There is no other information to indicate why as far as we can tell. No exceptions, nothing. Anything in /var/log/messages? Segfault or something like that maybe? We had similiar issues with Zope2 and there were segfault errors in messages file (due to 64 bit architecture and DCOracle2) -- Maciej Wisniowski ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Cancelling AddForm
Thierry Florac wrote: Hi, even a simple Cancel button which should just redirect the browser actually raises an exception when required fields are missing). Any help ? Thanks, Thierry Florac Have You read subject (this list): formlib vs. cancel button? Martin Aspeli has similar question, and AFAIK there was some clue/solution (at least for Cancel button). Cheers! /Ramok ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
RE: [Zope3-Users] Crash
-Original Message- From: David Johnson Our Zope 3.2.1 server is crashing and we cannot determine why. The last entry in the access.log is the following: 218.160.132.172 - - [10/Mar/2007:22:11:45 -0500] CONNECT sextw.com.tw:25 HTTP/1.0 404 0 - - Hi David, This is an attack on your server to attempt to proxy a connection (CONNECT) to a third party SMTP (port 25) server (sextw.com.tw). The CONNECT command (i.e. like POST, GET and HEAD commands) is part of the HTTP RFC. It is normally not needed on the vast majority of http servers and is usually disabled. I do not know how zope3 handles this case other than by your observed crash. Technically, what you are experiencing is a Denial of Service (DoS). This is only just slightly better than having the actual CONNECT command succeed. If it succeeds then you have just become a spam engine. If you could get a packet capture of the incoming traffic during one of these attacks you might be able to determine how zope is answering. I would recommend that you place zope behind an Apache proxy server for its protection. Personally, I would rather trust in Apache's robustness for dealing with internet threats than (from my point of view) the relatively unhardened internal implementation (twisted or otherwise) that zope 3 offers. By unhardened, I mean that zope 3 has not undergone (to my knowledge) the many years of discovering and fixing of security issues that apache has. I do not know the extent to which zope 3 has undergone any security vulnerability analysis and testing. Both of the zope books explain how to place apache in front of zope and it is quite straightforward. Mark -- 613-947-1359 System Scientist / Scientifique, spécialiste des systèmes Canada Centre for Remote Sensing / Centre canadien de télédéction Natural Resources Canada, 588 Booth Street, Ottawa, Ontario, Canada, K1A 0Y7 Ressources naturelles Canada, 588 rue Booth, Ottawa, Ontario, Canada, K1A 0Y7 Government of Canada / Gouvernement du Canada ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Crash
On Mon, Mar 12, 2007 at 11:55:53AM -0400, Giovannetti, Mark wrote: From: David Johnson Our Zope 3.2.1 server is crashing and we cannot determine why. The last entry in the access.log is the following: 218.160.132.172 - - [10/Mar/2007:22:11:45 -0500] CONNECT sextw.com.tw:25 HTTP/1.0 404 0 - - Hi David, This is an attack on your server to attempt to proxy a connection (CONNECT) to a third party SMTP (port 25) server (sextw.com.tw). (snip) I would recommend that you place zope behind an Apache proxy server for its protection. Pound might also be a reasonable choice here. (Haven't tried it myself.) But yes, you want *something* in front of Zope. -- Paul Winkler http://www.slinkp.com ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Cancelling AddForm
On Mon, 2007-03-12 at 16:18 +0100, Thierry Florac wrote: Hi, I have several formlib.form.AddForm subclasses in which I've created a custom Action via @action(...). My problem is that I'd like to be able to launch some of these actions (but not all of them, it's action specific) without executing automatic formlib controls (actually, for example, even a simple Cancel button which should just redirect the browser actually raises an exception when required fields are missing). Any help ? Thanks, Thierry Florac Hi Thierry, I implement cancel buttons for formlib like this (probably came from somewhere but I forget where):: def always_good(form, action, data): Helper for actions - will always validate - useful for cancel actions return [] class MyAddForm(form.AddForm): @form.action(_(Cancel), validator=always_good) def handle_cancel(self, action, data): self.request.response.redirect(self.nextURL()) Hope that helps, regards, Darryl ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users