[Zope-Checkins] SVN: Zope/trunk/ Include zope.testbrowser dependencies pullparser and ClientForm

2006-03-29 Thread Philipp von Weitershausen
Log message for revision 66261: Include zope.testbrowser dependencies pullparser and ClientForm Changed: A Zope/trunk/lib/python/ClientForm.py A Zope/trunk/lib/python/pullparser.py U Zope/trunk/releases/Zope2.map -=- Copied: Zope/trunk/lib/python/ClientForm.py (from rev 66260,

Re: [Zope-dev] TCP CLOSE_WAIT leaks

2006-03-29 Thread Alan Milligan
I managed to get a DeadlockDebugger trace on this thing, it made very interesting reading: Thread -1578087504 (GET /VirtualHostBase/http/www.last-bastion.net:80/BastionLedger/ledgerlist/Mail_338253076): File /opt/zope2.8/lib/python/ZServer/PubCore/ZServerPublisher.py, line 23, in __init__

Re: [Zope-dev] TCP CLOSE_WAIT leaks

2006-03-29 Thread Paul Winkler
On Thu, Mar 30, 2006 at 02:32:58AM +1000, Alan Milligan wrote: I managed to get a DeadlockDebugger trace on this thing, it made very interesting reading: (snip) File /opt/zope2.8/lib/python/ZEO/ClientStorage.py, line 781, in loadEx return data, tid, ver *every* thread was

[Zope] Re: ANNOUNCE: Zope Foundation is incorporated!

2006-03-29 Thread Maik Ihde
Rob Page rob.page at zope.com writes: At long last the Zope Foundation is incorporated! Great News :) Is there going to be an official Press release about this? I haven't found anything on zope.org or zope.com yet. Jan-Ulrich and myself would be happy to promote this great news in the

Re: [Zope] verbose-security

2006-03-29 Thread Jeremy Cook
Thanks for answering, however I think that the problem is simply that verbose-security is not working. I have a new install of zope 2.8.6, I make a folder, I make index_html, I change the security on this so that it can only be read by manager. I go to error log and allow 'Unauthorized' to be

Re: [Zope] SSL over Multiple Zope/Plone sites?

2006-03-29 Thread Vlada Macek
michael nt milne wrote: I'd like to implement SSL on the site login etc, as it's not secure without this. There's also one site I'd like to serve completely over https. However, I'm told that you can't run SSL on virtual hosts and can only have one SSL site per IP address. To vary either IP

[Zope] Re: verbose-security

2006-03-29 Thread Tres Seaver
Jeremy Cook wrote: Thanks for answering, however I think that the problem is simply that verbose-security is not working. I have a new install of zope 2.8.6, I make a folder, I make index_html, I change the security on this so that it can only be

[Zope] Problem with ExtFile

2006-03-29 Thread Bruno Grampa
Hello, I've a problem with ExtFile 1.4.4 installed in a Zope 2.8.6 (on RHES4). The redirection at the end of file creation doesn't work. To test the problem you have to create these methods: The first one is called 'form': --- dtml-var standard_html_header form action=write method=post

[Zope] Virtual hosting changes

2006-03-29 Thread Terry Hancock
I've been for some time using a hacked version of virtual host monster that was maintained by my hosting company, and I've just moved to a new hosting service with just the stock version. My impression was that the hack was mostly cosmetic (just sweetened the interface a little by giving you

Re: [Zope] unicode error in standard ZPT form

2006-03-29 Thread MIlos Prudek
On Tuesday 28 of March 2006 23:48, MIlos Prudek wrote: I have a typical ZPT form that redisplays entered data if invalid data is entered: input type=text size=30 name=name tal:attributes=value request/name| nothing Unfortunately it throws a Unicode exception if a Czech accented character

[Zope] Question about Zope and security

2006-03-29 Thread Cyrille Bonnet
Hi there, I have been telling all my clients about how great Zope is for security: fine-grained permissions, security framework, roles, etc. Now, one of my clients has a security expert who took a close look at how Zope authenticates users. The results were not good. The main problem is

Re: [Zope] Question about Zope and security

2006-03-29 Thread Terry Hancock
Cyrille Bonnet wrote: The main problem is that Zope stores the username and password in a cookie in clear text (base64 encoded). Even though it only happens in their internal network, my client wasn't too happy, because it makes them vulnerable to a man-in-the-middle attack. I know, the

[Zope] Re: Question about Zope and security

2006-03-29 Thread Cyrille Bonnet
Hi Terry, thanks for your comment. Stock Zope doesn't use cookie authentication, so you're actually talking about an alternate user folder product (which you don't specify and I don't know that many of them, so I can't really comment much -- except that SimpleUserFolder with CookieCrumbler

Re: [Zope] Re: Question about Zope and security

2006-03-29 Thread David H
Cyrille Bonnet wrote: Hi Terry, thanks for your comment. Stock Zope doesn't use cookie authentication, so you're actually talking about an alternate user folder product (which you don't specify and I don't know that many of them, so I can't really comment much -- except that

[Zope] Re: Question about Zope and security

2006-03-29 Thread George Lee
I'd rather encrypt passwords with a hash and reset the password if the users have lost it. Is it possible to do that in Zope? Isn't there an option in GRUF to encrypt passwords? Although I don't think that affects the user's sending of passwords over the Web. Peace, George

Re: [Zope] Question about Zope and security

2006-03-29 Thread Tino Wildenhain
Cyrille Bonnet wrote: Hi there, I have been telling all my clients about how great Zope is for security: fine-grained permissions, security framework, roles, etc. Now, one of my clients has a security expert who took a close look at how Zope authenticates users. The results were not good.

Re: [Zope] Re: Question about Zope and security

2006-03-29 Thread Tino Wildenhain
Cyrille Bonnet wrote: Hi Terry, ... Sorry, I wasn't even aware that Zope stores the passwords in plain text. My primary concern (for the moment) is passwords in plain text in the request. No it does not. The default userfolder stores passwords hashed. Regards Tino

Re: [Zope] Question about Zope and security

2006-03-29 Thread Lennart Regebro
On 3/30/06, Cyrille Bonnet [EMAIL PROTECTED] wrote: The main problem is that Zope stores the username and password in a cookie in clear text (base64 encoded). As mentioned before, Zope doesn't, but CookieCrumbler (and hence Plone) does. And, the security expert is not much of a security expert