Re: [Zope] Re: htaccess with zope/plone ?
Sorry but can't you post in one message? Also, Zope does do SSL but it's not as good as Apache. And some advice - keep personal insults out of it.

On 2/8/06, Chris Withers <[EMAIL PROTECTED]> wrote:

michael nt milne wrote:
> ok, I've gone into the security tab in the site root and set 'view' to
> 'authenticated' whilst de-selecting acquire.

Yay!

> However, using the password that
> gets me into the overall 8080/manage doesn't work.

Huh? Can you provide any less information, or maybe make it a bit
vaguer? ;-)

> Also the front page still
> comes up if you cancel the login box and the page displays without css.

Then you still haven't sorted your permissions properly...

> This
> shouldn't happen with view set to authenticated.

Then _you're_ doing something wrong, 'cos it works just fine for the
rest of us...

Chris

--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk

--
Michael
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] major problems placing authentication on an extranet site-security flaw?
Look I'm having genuine issues here and to be honest there's no need to become personally insulting. I've just set-up Plone on a Windows server with SSL Apache and multiple virtual hosts so don't take kindly to a few of these remarks. The last piece of my jigsaw is authentication which is becoming an issue.

On 2/8/06, Chris Withers <[EMAIL PROTECTED]> wrote:

michael nt milne wrote:
> I have major problems here trying to set-up authentication over a whole
> Plone site using Zope. Using my superuser account I've navigated to the site
> root page in the ZMI where it lists all the site pages and objects etc. I've
> then gone into security, scrolled down to the bottom and for the 'View'
> option I have tried all combinations of 'Manager', 'Authenticated' and
> 'Acquire'. It simply won't work.

You're simply doing it wrong then ;-)

> I get a pop-up box but the superuser manager pass doesn't work.

What does it say when you hit cancel? Have you tried enabling verbose
security in zope.conf?

> I find the Zope security, permissions set-up hideously complex and unusable
> to be honest and it doesn't even seem to work.

Then for god's sake stop trying to use Zope and go find some toy system
you do understand!

> Very frustrated.

So are we, quit bugging us until you've learned a bit more about how
things work, started with something simple, or just plain raised your IQ
a little ;-)

Chris

--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk

--
Michael
Re: [Zope] Zope=ZEO connection
Dennis Allison wrote:
> 2006-02-06T14:07:20 INFO ZPublisher.Conflict ConflictError at : database conflict error (oid 0x086e, class BTrees._OOBTree.OOBTree, serial this txn started with 0x03633ca95f75e900 2006-02-06 22:01:22.373575, serial currently committed 0x03633caf59114244 2006-02-06 22:07:20.875176) (463 conflicts (0 unresolved) since startup at Mon Feb 6 08:21:26 2006)

Well, at least the new conflict error logging stuff works :-)

> --
> 2006-02-06T14:09:09 INFO ZServer HTTP server started at Mon Feb 6 14:09:09 2006 Hostname: x-harper Port: 8081
>
> which also triggers a connection drop and restart of ZEO.

Odd... not seen this at all, what OS you running on?

cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
Re: [Zope] proxy roles on Product methods
Palermo, Tom wrote:
> Is it possible to set proxy roles on methods located in Zope Products.

Not really, why do you think you need to?

> see them in a sitemap (uses dtml-tree). However, I've got an edit_html
> method located in a Zope product that then needs to use stuff in one of the
> folders that has "View" set to off for that user (who's running edit_html).

If the code is in a disk-based class method, security won't be coming into play.

What errors are you seeing?
(if you get an auth box, consider hitting cancel or enabling verbose security in zope.conf, restarting and trying again)

cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
Re: [Zope] major problems placing authentication on an extranet site-security flaw?
michael nt milne wrote:
> I have major problems here trying to set-up authentication over a whole
> Plone site using Zope. Using my superuser account I've navigated to the site
> root page in the ZMI where it lists all the site pages and objects etc. I've
> then gone into security, scrolled down to the bottom and for the 'View'
> option I have tried all combinations of 'Manager', 'Authenticated' and
> 'Acquire'. It simply won't work.

You're simply doing it wrong then ;-)

> I get a pop-up box but the superuser manager pass doesn't work.

What does it say when you hit cancel? Have you tried enabling verbose
security in zope.conf?

> I find the Zope security, permissions set-up hideously complex and unusable
> to be honest and it doesn't even seem to work.

Then for god's sake stop trying to use Zope and go find some toy system
you do understand!

> Very frustrated.

So are we, quit bugging us until you've learned a bit more about how
things work, started with something simple, or just plain raised your IQ
a little ;-)

Chris

--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
Re: [Zope] Re: htaccess with zope/plone ?
michael nt milne wrote:
> ok, I've gone into the security tab in the site root and set 'view' to
> 'authenticated' whilst de-selecting acquire.

Yay!

> However, using the password that
> gets me into the overall 8080/manage doesn't work.

Huh? Can you provide any less information, or maybe make it a bit
vaguer? ;-)

> Also the front page still
> comes up if you cancel the login box and the page displays without css.

Then you still haven't sorted your permissions properly...

> This
> shouldn't happen with view set to authenticated.

Then _you're_ doing something wrong, 'cos it works just fine for the
rest of us...

Chris

--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
Re: [Zope] Re: htaccess with zope/plone ?
michael nt milne wrote:
> But if you've got Apache ssl as well then it's more secure.

Yes, SSL is a transport encryption method, not an authentication method...

> The problem I've found is that you can't put this in the httpd.conf
> unless it is wrapped in a directive
>
> AuthType Basic
> AuthName "Members Only"
> AuthUserFile /path/to/.htpasswd
> require valid-user

This is an Apache question, take it elsewhere!

Chris

--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
[Zope] Re: htaccess with zope/plone ?
michael nt milne wrote:
> Also, just to say that I did a test on only letting authenticated and
> managers view the root page of the site over ssl.

How?

> If you just cancelled the
> login box or closed it, the whole front page was displayed without any
> css but you could still get all the content.

Well, then you didn't set permissions correctly...

> I've had this quite a bit
> before so that's why I'm looking into Apache authentication. I just
> don't think that Zope authentication is secure.

You just don't think, or research, which is more your problem...

cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
[Zope] Re: htaccess with zope/plone ?
michael nt milne wrote:
> Also I'm implementing an extranet solution where extra security is
> required-so therefore an apache login and a further plone login for
> editing the site.

I commented to someone asking similar questions about them being stupid, lazy or both.

I don't think you're lazy ;-)

Chris

--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
[Zope] Re: htaccess with zope/plone ?
michael nt milne wrote:
> Sorry but there's a lot of Apache knowledge here and it's completely
> relevant.

No it isn't, if you want to use Apache auth, go ask on an Apache forum. You don't, but you think you do, and you won't listen to anyone, which is annoying in its own right...

> Also Zope doesn't do SSL well

Zope doesn't do SSL at all, there's no point. Secure transport and authentication have little to do with each other...

> and all password - login is
> basically insecure!

Not if it's over SSL...

> I've found out that I'm best using httpd.conf and
> not htaccess. Also irc.freenode is unusable.

Oh don't be so ridiculous...

Chris

--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
Re: [Zope] major problems placing authentication on an extranet site-security flaw?
On 08.02.06 21:38:26, michael nt milne wrote:
> Of course I did. Why on earth would you be able to view a front page of a
> site when it is labelled as 'authenticated' and also as 'manager' ? just by
> pressing cancel or return a few times.

I just checked that with a plain Zope's index_html. I cannot view localhost:8080/ when I change the security setting of index_html to allow View only for authenticated. However I can view it when I authenticate with the initial user information.

Now the same thing with a plone site, removed the view-right from front_page I get a screen telling me to authenticate. Not the "box" because Plone normally uses cookie-auth, you should be able to change that in the UserFolder. If I use the initial-user with the cookie-based-form I can see the plone site.

Then I removed the View right from the plone-site-object for anonymous and when I access localhost:8080/p1 I get the Basic-HTTP-Login Box, giving it the initial-user-info it lets me view the front_page.

> Big security flaw I'm sorry.

I wonder why you are the only one experiencing this... Maybe because the error is on your side (or sits in front of your monitor)? And not Zope.

> Also
> superuser passwords don't work when security is set up and I've tried this
> on a couple of set-ups. And this is apart from the usability.

What do you mean with superuser? There is no superuser, you have an initial user but that's not a user you'd normally use to login. You add new Users in the user-folder.

And what usability problem are you now talking about?

Andreas

--
Reply hazy, ask again later.
Re: [Zope] major problems placing authentication on an extranet site-security flaw?
Mark Barratt wrote:
> michael nt milne wrote:
> ...
> My other advice is to try not to touch ZMI security screens: if you're
> using Plone you should try to set up the security you need in Plone as

Ah yes, things are a bit different when plone comes in. Then Plone documentation should be consulted, of course.

Regards
Tino
Re: [Zope] major problems placing authentication on an extranet site-security flaw?
michael nt milne wrote:
> Sorry but this is not my experience and I have experimented. Am using
> gmail basic setting which I like.

Be sure mailinglist people don't like it :-)

Actually it should not be too hard to

1) create a role, let's call it "Guests" (in / )
2) create a user: guest (in /acl_folder) with role "Guests"
3) remove [ ] acquire for "View" and if you want "Access Contents Information" and make a [x] for Manager and [x] Guests

that's it.

Go with a new browser (closed and reopen if you want) to / of your site and you will get the standard_error_page with "Unauthorized" if you "cancel" the login box. You can customize standard_error_page if you want.

How can this be easier with Apache? I'd like to see :-) (Yes, I know Apache quite good)

Regards
Tino
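Added example (not part of the thread and not Zope code): a way to test the setup described in the message above without a browser, by sending one uncached request with no credentials and labelling the response by its HTTP status rather than by what gets rendered after "cancel". The marker string, the guest credentials, the paths and the small local demo server standing in for a Zope site are all constructed assumptions.

```python
import base64
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Constructed sample values, not taken from the thread.
MARKER = "Extranet front page"            # text that only the protected page contains
GUEST = ("guest", "constructed-password")  # user holding the role that has "View"


def probe(url, credentials=None):
    """GET url once, no redirects followed, no cache; return (status, headers, body)."""
    parts = urlsplit(url)
    if parts.scheme == "https":
        conn = http.client.HTTPSConnection(parts.hostname, parts.port, timeout=10)
    else:
        conn = http.client.HTTPConnection(parts.hostname, parts.port, timeout=10)
    headers = {"Cache-Control": "no-cache"}
    if credentials:
        raw = ("%s:%s" % credentials).encode("utf-8")
        headers["Authorization"] = "Basic " + base64.b64encode(raw).decode("ascii")
    try:
        conn.request("GET", parts.path or "/", headers=headers)
        resp = conn.getresponse()
        return resp.status, {k.lower(): v for k, v in resp.getheaders()}, resp.read()
    finally:
        conn.close()


def classify(status, headers, body, marker=MARKER):
    """Label a response by what the server sent, not by how a browser shows it."""
    has_content = marker.encode("utf-8") in body
    if status in (401, 403):
        # A refusal still carries a body: the error page displayed after "cancel".
        return "denied-but-content-in-body" if has_content else "denied"
    if status in (301, 302, 303, 307, 308):
        # Typical for cookie-based login; the target still has to be checked.
        return "redirect to " + headers.get("location", "(no Location header)")
    if status == 200 and has_content:
        return "content-served"
    return "inconclusive"


class DemoHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for a site: /p1/* requires Basic auth, /open/* does not."""

    PAGE = ("<html><body>%s</body></html>" % MARKER).encode("utf-8")
    ERROR = b"<html><body>Unauthorized</body></html>"

    def do_GET(self):
        raw = ("%s:%s" % GUEST).encode("utf-8")
        expected = "Basic " + base64.b64encode(raw).decode("ascii")
        authed = self.headers.get("Authorization") == expected
        if self.path.startswith("/open/") or authed:
            self._send(200, self.PAGE)
        else:
            self._send(401, self.ERROR, {"WWW-Authenticate": 'Basic realm="Zope"'})

    def _send(self, status, body, extra=None):
        self.send_response(status)
        for name, value in (extra or {}).items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the demo quiet


def run_demo():
    """Probe the demo server anonymously, as guest, and on the unprotected path."""
    server = HTTPServer(("127.0.0.1", 0), DemoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_address[1]
    try:
        return {
            "anonymous": classify(*probe(base + "/p1/front_page")),
            "guest": classify(*probe(base + "/p1/front_page", GUEST)),
            "misconfigured": classify(*probe(base + "/open/front_page")),
        }
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for who, verdict in run_demo().items():
        print("%-14s %s" % (who, verdict))
```

Against a real site, call `probe()` with the site URL and pick a marker that appears only in the protected content; an anonymous result of "content-served" means View is still granted to Anonymous somewhere.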
Re: [Zope] major problems placing authentication on an extranet site-security flaw?
michael nt milne wrote:
> I find the Zope security, permissions set-up hideously complex and
> unusable to be honest and it doesn't even seem to work.

Yes. But security is hard on any capable system, with users, groups, objects, applications all having security attributes and all those things inheriting and interacting in unexpected ways. Netware and Windows are the same.

As for 'doesn't even seem to work', that may be true (welcome to Open Source!), but you may 'just' be experiencing interactions between Zope security (hideously complex, etc) and Plone security (also complex). The interactions between these systems are basically beyond ordinary humans - or, possibly, just don't work.

It may be most sensible to try to hand off security to another system entirely and let Zope/Plone share/inherit it - as your original intention. If it's an extranet, can you use the surrounding network's system? Pluggable authentication can use Windows or LDAP (or, perhaps, other) authentication to provide access to a Zope/Plone, so visitors log in to your network rather than to the Zope site, and the Zope/Plone can inherit whatever the domain authentication system knows about them.

My other advice is to try not to touch ZMI security screens: if you're using Plone you should try to set up the security you need in Plone as far as possible. You really don't need Plone and Zope trying to do different things at the same time: it's a fragile and complex marriage and the partners all too easily end up stalking out of the room.

(this also suggests you might have better luck on the Plone discussion lists, eg nntp://gmane.comp.web.zope.plone.user)

best

Mark Barratt
Re: [Zope] major problems placing authentication on an extranet site-security flaw?
Sorry but this is not my experience and I have experimented. Am using gmail basic setting which I like.

On 2/8/06, Tino Wildenhain <[EMAIL PROTECTED]> wrote:

michael nt milne wrote:
> Of course I did. Why on earth would you be able to view a front page of
> a site when it is labelled as 'authenticated' and also as 'manager' ?
> just by pressing cancel or return a few times. Big security flaw I'm
> sorry. Also superuser passwords don't work when security is set up and
> I've tried this on a couple of set-ups. And this is apart from the
> usability.

I don't get what you tried... many of us are doing it and it just
works. Much easier as with apache I say.

Apropos getting and trying... could you try to set your mail-client
to text only and quote like all others do? This would make it
easier to read what you type :-)

You only remove [ ] Acquire for View and assign it to
Authenticated or better to whatever role your users should belong.

Canceling Authentication requester will not show you contents
but the standard_error_page - unless you have a broken useragent
(e.g. Internetexplorer) with horrible cache settings and did
view the authenticated page before.

Regards
Tino Wildenhain

--
Michael
Re: [Zope] major problems placing authentication on an extranet site-security flaw?
michael nt milne wrote:
> Of course I did. Why on earth would you be able to view a front page of
> a site when it is labelled as 'authenticated' and also as 'manager' ?
> just by pressing cancel or return a few times. Big security flaw I'm
> sorry. Also superuser passwords don't work when security is set up and
> I've tried this on a couple of set-ups. And this is apart from the
> usability.

I don't get what you tried... many of us are doing it and it just works. Much easier as with apache I say.

Apropos getting and trying... could you try to set your mail-client to text only and quote like all others do? This would make it easier to read what you type :-)

You only remove [ ] Acquire for View and assign it to Authenticated or better to whatever role your users should belong.

Canceling Authentication requester will not show you contents but the standard_error_page - unless you have a broken useragent (e.g. Internetexplorer) with horrible cache settings and did view the authenticated page before.

Regards
Tino Wildenhain
Re: [Zope] major problems placing authentication on an extranet site-security flaw?
I printed out the section on Zope security quite a while ago and read it. So it's not just in the last ten minutes. I haven't tried verbosesecurity just yet as I haven't had the time. Basically, the security should work without that.

On 2/8/06, Andreas Pakulat <[EMAIL PROTECTED]> wrote:

On 08.02.06 21:25:33, michael nt milne wrote:
> I've just tried this on a completely different server. I also made sure that
> 'access contents information' was set to 'manager' and 'authenticated'.

Wow, you read the zope-book on security, setup a new zope on a server
and checked this in just 10 minutes? Forgive me if I don't believe this.

> The same thing happens. The main password doesn't work and also you still
> get the main page contents if you keep cancelling or pressing return on the
> login box.

So no Plone this time? What does VerboseSecurity tell you? Do you have
to login to get access to the ZMI? Have you tried to allow
non-authenticated access to the ZMI?

> Complete nightmare. This was the reason I wanted to go with Apache security
> as it's more robust.

No it's not, it's not less robust either, at least that's what I
experienced until now.

Andreas

--
You can rent this space for only $5 a week.

--
Michael
Re: [Zope] major problems placing authentication on an extranet site-security flaw?
On 08.02.06 21:25:33, michael nt milne wrote:
> I've just tried this on a completely different server. I also made sure that
> 'access contents information' was set to 'manager' and 'authenticated'.

Wow, you read the zope-book on security, setup a new zope on a server and checked this in just 10 minutes? Forgive me if I don't believe this.

> The same thing happens. The main password doesn't work and also you still
> get the main page contents if you keep cancelling or pressing return on the
> login box.

So no Plone this time? What does VerboseSecurity tell you? Do you have to login to get access to the ZMI? Have you tried to allow non-authenticated access to the ZMI?

> Complete nightmare. This was the reason I wanted to go with Apache security
> as it's more robust.

No it's not, it's not less robust either, at least that's what I experienced until now.

Andreas

--
You can rent this space for only $5 a week.
Re: [Zope] major problems placing authentication on an extranet site-security flaw?
Of course I did. Why on earth would you be able to view a front page of a site when it is labelled as 'authenticated' and also as 'manager' ? just by pressing cancel or return a few times. Big security flaw I'm sorry. Also superuser passwords don't work when security is set up and I've tried this on a couple of set-ups. And this is apart from the usability.

On 2/8/06, Tino Wildenhain <[EMAIL PROTECTED]> wrote:

michael nt milne wrote:
> Thanks for the advice. I'll have another look at the security settings
> but this is undoubtedly an issue. The superuser password not working is
> the main one etc. But ultimately my comments on usability should be
> taken on board because Zope security is overly complex.

Actually it's not that hard - and it's just fine grained - a very strength
of zope. You can use VerboseSecurity to debug your security issues.

Did you read the chapter about users and security in the zope book?

Regards
Tino

--
Michael
Re: [Zope] major problems placing authentication on an extranet site-security flaw?
michael nt milne wrote:
> Thanks for the advice. I'll have another look at the security settings
> but this is undoubtedly an issue. The superuser password not working is
> the main one etc. But ultimately my comments on usability should be
> taken on board because Zope security is overly complex.

Actually it's not that hard - and it's just fine grained - a very strength of zope. You can use VerboseSecurity to debug your security issues.

Did you read the chapter about users and security in the zope book?

Regards
Tino
Re: [Zope] major problems placing authentication on an extranet site-security flaw?
I've just tried this on a completely different server. I also made sure that 'access contents information' was set to 'manager' and 'authenticated'.

The same thing happens. The main password doesn't work and also you still get the main page contents if you keep cancelling or pressing return on the login box.

Complete nightmare. This was the reason I wanted to go with Apache security as it's more robust.

Michael

On 2/8/06, michael nt milne <[EMAIL PROTECTED]> wrote:

Thanks for the advice. I'll have another look at the security settings but this is undoubtedly an issue. The superuser password not working is the main one etc. But ultimately my comments on usability should be taken on board because Zope security is overly complex.

On 2/8/06, Dieter Maurer <[EMAIL PROTECTED]> wrote:

michael nt milne wrote at 2006-2-8 16:48 +:
>I have major problems here trying to set-up authentication over a whole
>Plone site using Zope. Using my superuser account I've navigated to the site
>root page in the ZMI where it lists all the site pages and objects etc. I've
>then gone into security, scrolled down to the bottom and for the 'View'
>option I have tried all combinations of 'Manager', 'Authenticated' and
>'Acquire'. It simply won't work.

You can use "VerboseSecurity" to analyse difficult authorization problems.

"VerboseSecurity" is an integral part of Zope from 2.8 on.
Previously, it has been a separate product.

--
Dieter

--
Michael

--
Michael
Re: [Zope] major problems placing authentication on an extranet site-security flaw?
Thanks for the advice. I'll have another look at the security settings but this is undoubtedly an issue. The superuser password not working is the main one etc. But ultimately my comments on usability should be taken on board because Zope security is overly complex.

On 2/8/06, Dieter Maurer <[EMAIL PROTECTED]> wrote:

michael nt milne wrote at 2006-2-8 16:48 +:
>I have major problems here trying to set-up authentication over a whole
>Plone site using Zope. Using my superuser account I've navigated to the site
>root page in the ZMI where it lists all the site pages and objects etc. I've
>then gone into security, scrolled down to the bottom and for the 'View'
>option I have tried all combinations of 'Manager', 'Authenticated' and
>'Acquire'. It simply won't work.

You can use "VerboseSecurity" to analyse difficult authorization problems.

"VerboseSecurity" is an integral part of Zope from 2.8 on.
Previously, it has been a separate product.

--
Dieter

--
Michael
[Zope] Session Variables Redux
Zope 2.9.0
Python 2.4.2

There appears to still be a problem with session variables that does not appear to be the result of interactions with conflicts nor the result of unexpected restarts. It does not appear to be load related.

The problem we see is a sudden disappearance of all, one, or a small number of session variables. In a session variable stateful system this is an embarrassment.

The behavior is a bit like a variable which is not identified as persistent, but all read and write accesses go through a getSessionVariable/setSessionVariable interface:

## Script (Python) "getSessionVariable"
##bind container=container
##bind context=context
##bind namespace=
##bind script=script
##bind subpath=traverse_subpath
##parameters=varname
##title=
##
request=container.REQUEST
session=request['SESSION']
return session[varname]

## Script (Python) "setSessionVariable"
##bind container=container
##bind context=context
##bind namespace=
##bind script=script
##bind subpath=traverse_subpath
##parameters=var, val
##title=
##
request = container.REQUEST
session=request['SESSION']
# write only if necessary
if not session.has_key(var) or session[var]!=val:
    session[var]=val

Our session lifetimes are long (hours, days) and conflicts are fairly frequent. Hand checking of the logs does not show any obvious correlation between session variable loss and conflict. Moreover, all conflicts are "resolved".

Does anyone else see this sort of problem? Any suggestions as to how to isolate the problem?
Re: [Zope] major problems placing authentication on an extranet site-security flaw?
michael nt milne wrote at 2006-2-8 16:48 +:
>I have major problems here trying to set-up authentication over a whole
>Plone site using Zope. Using my superuser account I've navigated to the site
>root page in the ZMI where it lists all the site pages and objects etc. I've
>then gone into security, scrolled down to the bottom and for the 'View'
>option I have tried all combinations of 'Manager', 'Authenticated' and
>'Acquire'. It simply won't work.

You can use "VerboseSecurity" to analyse difficult authorization problems.

"VerboseSecurity" is an integral part of Zope from 2.8 on. Previously, it has been a separate product.

--
Dieter
Re: [Zope] Zope=ZEO connection
Dennis Allison wrote at 2006-2-7 18:18 -0800:
> ...
>What sort of Zope failure can cause this sort of behavior? What's the
>best approach to get more information to localize the failure.

A crash presented to Zope as a fatal signal (usually "SIGSEGV" or "SIGBUS").

Reconfigure your Linux account running Zope to write core files ("ulimit -Sc 10"). With a bit of luck you will get a core file written in case of such crashes. Look into the core with GDB.

Note, that the value "10" might not be big enough to get a complete core file. GDB may have problems to really understand incomplete ones.

--
Dieter
Re: [Zope] proxy roles on Product methods
Palermo, Tom wrote at 2006-2-8 09:59 -0500:
>Is it possible to set proxy roles on methods located in Zope Products.

No, but I posted some time ago (to "zope-cmf" or "plone-users") code that allows you to set proxy roles on a region in trusted code.

Search for "ProxyContext".

--
Dieter
Re: [Zope] major problems placing authentication on an extranet site-security flaw?
On 08.02.06 16:48:08, michael nt milne wrote:
> I have major problems here trying to set-up authentication over a whole
> Plone site using Zope.

Start simple, start up a plain Zope, create a ZPT or DTML and change its view right. See what happens.

> I find the Zope security, permissions set-up hideously complex and unusable
> to be honest and it doesn't even seem to work.

Have you read the zope documentation on how security works? Have you checked what happens when you access the Plone-url "behind the scenes"?

Andreas

--
You seek to shield those you love and you like the role of the provider.
Re: [Zope] major problems placing authentication on an extranet site-security flaw?
On 8 Feb 2006, at 16:48, michael nt milne wrote:
> I get a pop-up box but the superuser manager pass doesn't work.

If the superuser password is indeed set up correctly then this is a fault of the user folder. There are some bad implementations out there that do not respect the superuser/emergency user.

> Then, even with 'authenticated' checked and using a different browser to
> the one I'm using for the management screen, clicking return on the login
> box over and over again eventually produces the front page sans CSS. It
> shouldn't do this and when the extranet is live, if the public were to be
> able to view it this would be a serious risk. I've set view to
> authenticated only but it still lets me in.
>
> I find the Zope security, permissions set-up hideously complex and
> unusable to be honest and it doesn't even seem to work.

I'll be more explicit this time: You don't know enough to make blanket statements like this. From your emails it is obvious that you don't know much at all about the way Zope security works. You need to get a clue about what you're doing first. From the lack of similar complaints from the many Zope and Plone users out there and the lack of interest (meaning lack of responses to your emails) the only logical conclusion is that the fault is on your end.

Since this is a Plone site I would suggest you move this discussion to a Plone-related mailing list.

jens
[Zope] major problems placing authentication on an extranet site-security flaw?
Hi

I have major problems here trying to set-up authentication over a whole Plone site using Zope. Using my superuser account I've navigated to the site root page in the ZMI where it lists all the site pages and objects etc. I've then gone into security, scrolled down to the bottom and for the 'View' option I have tried all combinations of 'Manager', 'Authenticated' and 'Acquire'. It simply won't work.

I get a pop-up box but the superuser manager pass doesn't work. Then, even with 'authenticated' checked and using a different browser to the one I'm using for the management screen, clicking return on the login box over and over again eventually produces the front page sans CSS. It shouldn't do this and when the extranet is live, if the public were to be able to view it this would be a serious risk. I've set view to authenticated only but it still lets me in.

I find the Zope security, permissions set-up hideously complex and unusable to be honest and it doesn't even seem to work.

Very frustrated.

--
Michael
[Zope] Startup error with Formulator
Zope 2.8.4
Python 2.4.2

Startup error with Formulator. What's missing or broken?

Out of the box:

2006-02-08T01:51:58 ERROR Zope Couldn't install Five
Traceback (most recent call last):
  File "/usr/local/src/zope/Zope2.8/lib/python/OFS/Application.py", line 773, in install_product
    initmethod(context)
  File "/usr/local/src/zope/Zope2.8/lib/python/Products/Five/__init__.py", line 29, in initialize
    zcml.load_site()
  File "/usr/local/src/zope/Zope2.8/lib/python/Products/Five/zcml.py", line 45, in load_site
    _context = xmlconfig.file(file)
  File "/usr/local/src/zope/Zope2.8/lib/python/zope/configuration/xmlconfig.py", line 439, in file
    include(context, name, package)
  File "/usr/local/src/zope/Zope2.8/lib/python/zope/configuration/xmlconfig.py", line 375, in include
    processxmlfile(f, context)
  File "/usr/local/src/zope/Zope2.8/lib/python/zope/configuration/xmlconfig.py", line 245, in processxmlfile
    parser.parse(src)
  File "/usr/local/lib/python2.4/site-packages/_xmlplus/sax/expatreader.py", line 109, in parse
    xmlreader.IncrementalParser.parse(self, source)
  File "/usr/local/lib/python2.4/site-packages/_xmlplus/sax/xmlreader.py", line 123, in parse
    self.feed(buffer)
  File "/usr/local/lib/python2.4/site-packages/_xmlplus/sax/expatreader.py", line 216, in feed
    self._parser.Parse(data, isFinal)
  File "/usr/local/lib/python2.4/site-packages/_xmlplus/sax/expatreader.py", line 364, in end_element_ns
    self._cont_handler.endElementNS(pair, None)
  File "/usr/local/src/zope/Zope2.8/lib/python/zope/configuration/xmlconfig.py", line 225, in endElementNS
    self.context.end()
  File "/usr/local/src/zope/Zope2.8/lib/python/zope/configuration/config.py", line 518, in end
    self.stack.pop().finish()
  File "/usr/local/src/zope/Zope2.8/lib/python/zope/configuration/config.py", line 665, in finish
    actions = self.handler(context, **args)
  File "/usr/local/src/zope/Zope2.8/lib/python/Products/Five/fiveconfigure.py", line 56, in loadProducts
    xmlconfig.include(_context, zcml, package=product)
  File "/usr/local/src/zope/Zope2.8/lib/python/zope/configuration/xmlconfig.py", line 375, in include
    processxmlfile(f, context)
  File "/usr/local/src/zope/Zope2.8/lib/python/zope/configuration/xmlconfig.py", line 245, in processxmlfile
    parser.parse(src)
  File "/usr/local/lib/python2.4/site-packages/_xmlplus/sax/expatreader.py", line 109, in parse
    xmlreader.IncrementalParser.parse(self, source)
  File "/usr/local/lib/python2.4/site-packages/_xmlplus/sax/xmlreader.py", line 123, in parse
    self.feed(buffer)
  File "/usr/local/lib/python2.4/site-packages/_xmlplus/sax/expatreader.py", line 216, in feed
    self._parser.Parse(data, isFinal)
  File "/usr/local/lib/python2.4/site-packages/_xmlplus/sax/expatreader.py", line 353, in start_element_ns
    AttributesNSImpl(newattrs, qnames))
  File "/usr/local/src/zope/Zope2.8/lib/python/zope/configuration/xmlconfig.py", line 206, in startElementNS
    self.context.begin(name, data, info)
  File "/usr/local/src/zope/Zope2.8/lib/python/zope/configuration/config.py", line 515, in begin
    self.stack.append(self.stack[-1].contained(__name, __data, __info))
  File "/usr/local/src/zope/Zope2.8/lib/python/zope/configuration/config.py", line 815, in contained
    return RootStackItem.contained(self, name, data, info)
  File "/usr/local/src/zope/Zope2.8/lib/python/zope/configuration/config.py", line 683, in contained
    factory = self.context.factory(self.context, name)
  File "/usr/local/src/zope/Zope2.8/lib/python/zope/configuration/config.py", line 461, in factory
    raise ConfigurationError("Unknown directive", ns, n)
ZopeXMLConfigurationError: File "/usr/local/src/zope/Zope2.8/lib/python/Products/Five/skel/site.zcml", line 12.2-12.23
    ZopeXMLConfigurationError: File "/opt/zope/zproducts/standard/Formulator/configure.zcml", line 7.2
    ConfigurationError: ('Unknown directive', u'http://namespaces.zope.org/i18n', u'registerTranslations')

--

The offending file is:

http://namespaces.zope.org/zope"; xmlns:i18n="http://namespaces.zope.org/i18n"; >

--
[Zope] proxy roles on Product methods
Hi All,

Is it possible to set proxy roles on methods located in Zope Products. I need to turn the View permission off on some folders so certain users can't see them in a sitemap (uses dtml-tree). However, I've got an edit_html method located in a Zope product that then needs to use stuff in one of the folders that has "View" set to off for that user (who's running edit_html).

Thanks,
Tom
Re: [Zope] ExtFile - wrong file extension and content_type
On 2/7/06, Michael Vartanyan <[EMAIL PROTECTED]> wrote:
> well. I would really like to know what does this "b/w" mean in this
> context? Not black&white for sure :-)

I'd guess at 'backward compatibility'.

--
Martijn Pieters
Re: [Zope] Re: htaccess with zope/plone ?
ok, I've gone into the security tab in the site root and set 'view' to 'authenticated' whilst de-selecting acquire. However, using the password that gets me into the overall 8080/manage doesn't work. Also the front page still comes up if you cancel the login box and the page displays without css. This shouldn't happen with view set to authenticated.

On 2/8/06, Jens Vagelpohl <[EMAIL PROTECTED]> wrote:
> On 7 Feb 2006, at 23:58, michael nt milne wrote:
> > Also, just to say that I did a test on only letting authenticated
> > and managers view the root page of the site over ssl. If you just
> > cancelled the login box or closed it, the whole front page was
> > displayed without any css but you could still get all the content.
> > I've had this quite a bit before so that's why I'm looking into
> > Apache authentication. I just don't think that Zope authentication
> > is secure.
>
> As someone else has already mentioned, there is zero difference when
> it comes to "how secure" the login procedure is. It doesn't matter
> how you set up authentication if you haven't applied the proper
> permission settings in Zope to prevent showing that front page
> content you mentioned earlier. You need to get a better idea how to
> use the built-in Zope security mechanisms to achieve the security
> settings you would like to see.
>
> Using both Apache and Zope authentication will bring mostly pain.
> Your strategy is wrong. Get a better understanding of what Zope can
> do in that regard and then decide.
>
> jens

--
Michael
Re: [Zope] Re: htaccess with zope/plone ?
On 7 Feb 2006, at 23:58, michael nt milne wrote:
> Also, just to say that I did a test on only letting authenticated and
> managers view the root page of the site over ssl. If you just cancelled
> the login box or closed it, the whole front page was displayed without
> any css but you could still get all the content. I've had this quite a
> bit before so that's why I'm looking into Apache authentication. I just
> don't think that Zope authentication is secure.

As someone else has already mentioned, there is zero difference when it comes to "how secure" the login procedure is. It doesn't matter how you set up authentication if you haven't applied the proper permission settings in Zope to prevent showing that front page content you mentioned earlier. You need to get a better idea how to use the built-in Zope security mechanisms to achieve the security settings you would like to see.

Using both Apache and Zope authentication will bring mostly pain. Your strategy is wrong. Get a better understanding of what Zope can do in that regard and then decide.

jens
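Added example, not part of the thread and not Zope's own code: a stand-alone Python model of how roles for the 'View' permission are collected up the containment chain, showing how a setting on the site root can be overridden by an object below it that carries its own setting with Acquire off. The `Node` class, the function names and the object tree are constructed for illustration, and the model assumes that a setting with Acquire off ends the lookup.

```python
# Simplified, stand-alone model of permission-role lookup with acquisition.
# Object names and role settings are constructed for illustration.

class Node:
    """One object in the containment tree (site root, page, stylesheet)."""
    def __init__(self, name, parent=None, view_roles=None, acquire=True):
        self.name, self.parent, self.children = name, parent, []
        self.view_roles = view_roles  # None: no 'View' setting on this object
        self.acquire = acquire        # the 'Acquire' checkbox on the Security tab
        if parent is not None:
            parent.children.append(self)

    def path(self):
        return "" if self.parent is None else self.parent.path() + "/" + self.name


def roles_for_view(node, default=("Manager",)):
    """Merge 'View' roles up the containment chain until acquisition stops."""
    roles, found = set(), False
    while node is not None:
        if node.view_roles is not None:
            found = True
            roles.update(node.view_roles)
            if not node.acquire:
                break
        node = node.parent
    return sorted(roles) if found else list(default)


def anonymous_viewable(top):
    """Paths at or below `top` where Anonymous still holds 'View'."""
    hits, stack = [], [top]
    while stack:
        node = stack.pop()
        if "Anonymous" in roles_for_view(node):
            hits.append(node.path())
        stack.extend(node.children)
    return sorted(hits)


def build_site():
    app = Node("", view_roles=["Anonymous", "Manager"], acquire=False)
    site = Node("site", app, view_roles=["Authenticated", "Manager"], acquire=False)
    Node("styles.css", site)  # no own setting: follows the site root
    Node("front-page", site, view_roles=["Anonymous"], acquire=False)  # own setting
    return site


if __name__ == "__main__":
    print(anonymous_viewable(build_site()))
```

In this constructed tree the root setting covers `styles.css` but not `front-page`, so only the latter is reported; leaving Acquire on at the site root would pull Anonymous in from the application root for every object that follows it.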