Re: [Zope] Zope, Apache/NT, Reliability issues

2000-06-09 Thread J. Michael Mc Kay

Can I jump in?

What is the process involved for pcgi or Zope to pass authentication?  I am
not running Apache, but good old dependable Website Pro. When I attempt to
run Zope via pcgi it works fine unless I want to manage or allow a client to
log into a products administration screens.  I am returned an error when
trying to access, for example, Squishdot admin or Zope manage. On the other
hand users can log into and use the portal product.

Zope is not accepting the management login info. My understanding is not
clear on what Apache does to accept log ins via pcgi.  For that matter the
same for IIS. I am not sure that IIS is really only accepting NTusers. The
reading I have done so far suggests this may be the case.

Zope  Apache are HTTP1.1 compliant? Website is 1.0 or partially 1.1...
can this be part of the problem?  I run into some problems with requests and
compliancy when using newer utilities against the server.

The conversation below suggests that pcgi passes requests to Zope.  I am
confused about this because I am told this is a Website issue, but when
explained in it's simplest terms (below) it appears to be a pcgi or Zope
issue.

The error I am receiving says that the webserver may not be able to forward
cgi requests (? it's been awhile since I looked at it) This doesn't make
sense if pcgi is  passing the info on. I guess I am asking "Where exactly is
authentication breaking down when using pcgior where is it most likely
to break down?

Website has only 15 percent of the NT market share (it's the price tag I'm
sure) and it is hard to find someone to share these experiences with, so
thanks for allowing this intrusion..

___
PCGI passes on requests to Zope, where Zope can handle multiple requests at
the same time. Basically, requests are handed over to ZServer ass if the
request came in directly. PCGI takes some care of waiting for ZServer to
become available if it is congested.

So, there is one Zope instance running that can listen to normal HTTP
requests, FTP requests and PCGI requests (any combination of that). The PCGI
CGI's are fielded on requests coming though Apache and hand back the results
to the client.

 And what about the method of "masquerading" the ZServer through Apache?
 I have read solutions using the Rewrite module and the Proxy module, but
 it actually means (roughly speaking) that if there are 10 requests
 made to Apache then it will make 10 requests to ZServer so, considering
 only the reliability issue of the server even if Apache can handle
 millions of requests per second, the ZServer would fall down much faster
 than that so I cannot see any advantage of using Apache in front of it.
 Of course I understand the other advantages of Apache as it´s many
 configuration options, robustness as a web server, etc, but can the
 ZServer stay up and running in pair with Apache? Maybe there´s any way
 to configure Apache to cache the pages -- as a Squid would -- so it can
 "filter" the requests and low the requests level that it will do to
 ZServer?

People generally use Apache for combining Zope with other content. Zope is
good at serving dynamic content, Apache at static, so if you serve Zope
behind
Apache, you can mix and match. Also, when you have existing CGI, PHP or
other
Apache dependant content that you want to make available from the same base
URL, you will need to use Apache in front of Zope.

You can, IIRC, use tge ProxyPass trick together with caching as well,but I
have no experience with that. There is one big disadvantage to using
ProxyPass
at the moment, which is that you need to use the SiteAccess product to make
it
work correctly. The SiteAccess product has some known issues and causes
regressions in parts of Zope, like the ZCatalog. These issues _shold_ be
solved with the upcoming 2.2 release of Zope.

 And what about it´s object oriented database? I also have some doubts
 about it. I worked a lot with relational databases as MS SQL and MySQL
 but never tried to study an OO approach to DB. How fast it is? How much
 requests can it handle without hanging, collapsing or corrupting data? I
 mean, anyone tried to do some study of a database that changes everytime
 and have queries everytime, I mean, searches in a database where it´s
 data changes constantly (searching a static database is much different
 than searching on a mutable one). Row level locking, transaction,
 consistency, etc, all these concepts apply here? Can it be substituted
 by a traditional relational database and have it´s contentes interfaced
 to "looks like" object oriented?

The ZODB, Zope's Object Database, is an integral part of Zope. As soon as
you
look at Zope through the management interface, you are looking at objects
stored in the ZODB. Zope is inherently OO, and you generally use object
instances to build your site.

The ZODB is transactional, is optimized for high reads, low writes, and
takes
care of access conflicts not by locking, but invalidating all connections

Re: [Zope] Wrong mime type sent by Zope on every page

2000-06-09 Thread Jerome Alet

On Thu, 8 Jun 2000, Andrew Diller wrote:

 Server: Zope/Zope 2.1.6 (source release, python 1.5.2, linux2) ZServer/1.1b1
 
 Why does Server: return linux2? This is an Compaq Alpha running Tru64!?!

No. That's what you are told it is.

In fact it's an i386 under GNU/Linux ;-))

bye,
Jerome ALET - [EMAIL PROTECTED] - http://cortex.unice.fr/~jerome
Faculte de Medecine de Nice - http://noe.unice.fr - Tel: 04 93 37 76 30 
28 Avenue de Valombrose - 06107 NICE Cedex 2 - FRANCE



___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] Zope, Apache/NT, Reliability issues

2000-06-09 Thread R. David Murray

On Fri, 9 Jun 2000, J. Michael Mc Kay wrote:
 The conversation below suggests that pcgi passes requests to Zope.  I am
 confused about this because I am told this is a Website issue, but when
 explained in it's simplest terms (below) it appears to be a pcgi or Zope
 issue.
 
 The error I am receiving says that the webserver may not be able to forward
 cgi requests (? it's been awhile since I looked at it) This doesn't make
 sense if pcgi is  passing the info on. I guess I am asking "Where exactly is
 authentication breaking down when using pcgior where is it most likely
 to break down?

From this I'm guessing that website is not passing authentication
headers in the environment when a cgi is called, which is a good
default configuration.  The Apache magic is a method for telling
Apache you really want it to pass the auth info to the cgi.

--RDM


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] Zope, Apache/NT, Reliability issues

2000-06-09 Thread Martijn Pieters

On Fri, Jun 09, 2000 at 02:50:26AM -0400, J. Michael Mc Kay wrote:
 Can I jump in?
 
 What is the process involved for pcgi or Zope to pass authentication?  I am
 not running Apache, but good old dependable Website Pro. When I attempt to
 run Zope via pcgi it works fine unless I want to manage or allow a client to
 log into a products administration screens.  I am returned an error when
 trying to access, for example, Squishdot admin or Zope manage. On the other
 hand users can log into and use the portal product.
 
 Zope is not accepting the management login info. My understanding is not
 clear on what Apache does to accept log ins via pcgi.  For that matter the
 same for IIS. I am not sure that IIS is really only accepting NTusers. The
 reading I have done so far suggests this may be the case.
 
 Zope  Apache are HTTP1.1 compliant? Website is 1.0 or partially 1.1...
 can this be part of the problem?  I run into some problems with requests and
 compliancy when using newer utilities against the server.
 
 The conversation below suggests that pcgi passes requests to Zope.  I am
 confused about this because I am told this is a Website issue, but when
 explained in it's simplest terms (below) it appears to be a pcgi or Zope
 issue.
 
 The error I am receiving says that the webserver may not be able to forward
 cgi requests (? it's been awhile since I looked at it) This doesn't make
 sense if pcgi is  passing the info on. I guess I am asking "Where exactly is
 authentication breaking down when using pcgior where is it most likely
 to break down?
 
 Website has only 15 percent of the NT market share (it's the price tag I'm
 sure) and it is hard to find someone to share these experiences with, so
 thanks for allowing this intrusion..

CGI scripts traditionally get a predigested version of the headers the client
hands in. On many web servers, this _doesn't_ include the authentication
headers, which are crucial for handling password authenticated parts of your
website. Most servers will try and handle this information themselves, and
only hand the CGI script a new header, 'HTTP_REMOTE_USER', IIRC, that contains
the name of the authenticated user. This is desireable for many CGI scripts
when you don't want to have to code authentication libraries.

However, it is a pain when you have a system like Zope, that _is_ very capable
of handling this kind of authentication by itself. For different servers,
different tricks need to be employed.

On Apache, you can use a rewrite rule to make a copy of the Authorization
header and pass the copy in as 'HTTP_CGI_AUTHORIZATION'. On IIS, if you
specify no password protection for the PCGI stub, it gets handed the proper
headers quite nicely. IIS does interfere with the Zope 401 status message,
you'll need to switch that off. On Roxen, I believe there is a configuration
setting called 'Raw user info' for this. And Netscape requires a NSAPI plugin
to pass on the information.

Now, it sounds like Website doesn't pass in the Authorization header either.
Unfortunately, I don't know enough about Website Pro to be able to say wether
or not you can make it pass the header anyway, and what tricks are needed to
make it so. You will need to consult the Website Pro manuals for that. I hope
that my explanation has given you enough pointers to help you out here.

There is an alternative to passing in the Authorization header however, and
that's having Zope use REMOTE_USER. Your webserver will then do the
authentication, set the REMOTE_USER variable, and Zope will try and find a
User object that matches that user name. See doc/WEBSERVER.txt for more info
on this.

-- 
Martijn Pieters
| Software Engineermailto:[EMAIL PROTECTED]
| Digital Creations  http://www.digicool.com/
| Creators of Zope   http://www.zope.org/
|   The Open Source Web Application Server
-

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




[Zope] unsubscribcription

2000-06-09 Thread raphaël zamochnikoff

hello !

i would like to unsuscribe the zope mailing list as soon as possible, 
because the end of my training course comes near.

thanks in advance !

raphael zamochnikoff

Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] ANN: ZUBB 0.3.2 (Zope Ultimate Bulletin Board)

2000-06-09 Thread Graham Chiu

In article p04320400b5660d26458c@[209.27.56.93], J. Atwood
[EMAIL PROTECTED] writes
This would be possible but I think it would be confusing to the user (posts 
would jump to the top). See below...

Perhaps not if you just sorted the once when the person first hit the
site.  Of course, that would mean each user would have a different view
of the tree.

I think it would be less confusing to have just one level of indentation
in threads as in UBB rather than unlimited levels as here ( and in
Matt's BBS ).  Takes too many clicks to get to the new messages, and far
too long if you expand all threads.  Perhaps amalgamate all replies to
the main post into one long document.

Also, I would prefer to not have the post message form exposed, but to
click on a button to then expose it.  This would allow me to only allow
registered users to post - they click on post - and then go through a
log on screen, and then they post.  I think in UBB you also have to log
on to post, but you can read anonymously.

-- 
Regards,  Graham Chiu
gchiuatcompkarori.co.nz
http://www.compkarori.co.nz/index.php
Powered by Interbase and Zope

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




[Zope] Re: FSSession newbie problem

2000-06-09 Thread Marcello Lupo

Well... the statements are not in the same file but in two different
files. 
This are the statements, the dtml-call FSSession is in the
standard_html_header.


Method list_products:

dtml-var standard_html_header
dtml-unless "FSSession.has_key('carrello')"
dtml-call "FSSession.set('carrello',{})"
/dtml-unless

form action="aggiungi_prodotto" name="carrello" method="get"
target="Carrello"
input type="hidden" name="ID" value="dtml-if
"FSSession.has_key('ID')"dtml-call
"FSSession['ID']+1"dtml-else1/dtml-if"
input type="hidden" name="codice_famiglia" value="dtml-var cod_prod"
input type="hidden" name="codice_prodotto" value="dtml-var
cod_ident"
input type="hidden" name="nome_prodotto" value="dtml-var
nome_prod_it"
input type="hidden" name="prezzo" value="dtml-var prez_lire"
input type="hidden" name="quantita_prodotto" value="1"
input type="image" name="acquista" value="acquista"
src="/ecom/images/freccia2.jpg" border="0"
/form
dtml-var standard-html-footer

Method aggiungi_prodotto:

dtml-var standard_html_header
dtml-var "REQUEST.form"br  # CHECK It prints out fine the form
dictionary!!

dtml-in "REQUEST.form.items()"
dtml-var sequence-item
/dtml-in # CHECK It prints out fine the form
variable!!


dtml-call "FSSession['carrello'].update(REQUEST.form)"
br
dtml-var ID
dtml-var codice_famiglia
dtml-var codice_prodotto
dtml-var nome_prodotto
dtml-var prezzo
dtml-var quantita_prodotto    Them works fine!!

br
dtml-var "FSSession('carrello')"br   It prints out "None"
dtml-var standard_html_footer


The FSSession is in the same folder of my two methods, may be this a
problem?
I tried out the code in a single page and it works fine if you limit to
create the variable 'carrello' in the FSSession. I checked the session
file and it contains :
--cut here
(dp1
S'carrello'
p2
(ds.
 cut here--
The problem is when i try to update the variable 'carrello' with
something. 

I tryed the code you gave to me and it works so i think that the problem
is that i initialize the variable in a method and update it in another
one.
Probably the second method point to a different session file than the
first.

Well thank you for help, for now i will make all in one method and of
you have some ideas to solve it it will be appreciated.

Bye.
Marcello

Hung Jung Lu wrote:
 
 --- In [EMAIL PROTECTED], Marcello Lupo [EMAIL PROTECTED] wrote:
 and macically i obtain the same error.
 this is the code i used:
 dtml-call FSSession
 dtml-unless "FSSession.has_key('cart')"
 dtml-call "FSSession.set('cart',{})"
 /dtml-unless
 
 dtml-call "FSSession['carrello'].update(REQUEST.form)"
 
 I have tried your code with 'cart' everywhere, and it worked just fine. Can
 you print out the form variables?  Are all the statements inside the same
 DTML file? It really works fine. Also, make sure that FSSession is in a
 parent folder of your DTML method. (Root folder is usually a good idea.) Is
 your machine cookie-enabled?
 
 
 dtml-var standard_html_header
 dtml-call FSSession
 dtml-unless "FSSession.has_key('cart')"
   dtml-call "FSSession.set('cart',{})"
 /dtml-unless
 dtml-call "FSSession['cart'].update(REQUEST.form)"
 dtml-var "FSSession['cart']"
 dtml-var standard_html_footer
 
 
 If you still have problems, you can try SQLSession or HappySession. For
 beginners I would recommend HappySession so you don't need to worry about
 the details of FSSession or SQLSession.
 
 Download HappySession from
 http://www.zope.org/Members/hungjunglu/Products/HappySession
 
 Add an HappySession instance in your Zope hierarchy. Then try:
 
 
 dtml-var standard_html_header
 dtml-unless "SESSION.has_key('cart')"
   dtml-call "SESSION.set('cart',{})"
 /dtml-unless
 dtml-call "SESSION['cart'].update(REQUEST.form)"
 dtml-var "SESSION['cart']"
 dtml-var standard_html_footer
 
 
 regards,
 
 Hung Jung
 
 
 Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] What is favicon.ico and why is it an error?

2000-06-09 Thread Toby Dickenson

On Wed, 07 Jun 2000 13:58:42 -0400, "J. Atwood"
[EMAIL PROTECTED] wrote:

So, does the user get an error page or is the server just sending me an
error cause it is requesting a file that does not exist. I will try testing
with IT (it is not effecting my Mac IE 4.5/5.0)

The user wont see error; just the default icon in the favorites menu.

Add this to the many reasons that I hate MIE!

do you have a robots.txt, or are webcrawlers evil too? ;-)


J. Michael Mc Kay wrote

Now that you have done this, you have to put it in every directory
accessible to IE to prevent excessive logging of errors on your server.

Is that true? I undestand only the root directory is necessary, unless
you have specifically linked another icon file from your html.




Toby Dickenson
[EMAIL PROTECTED]

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




RE: [Zope] Q: Accessing ZSQL methods from Python

2000-06-09 Thread a . wacknitz



 -Original Message-
 From: Dieter Maurer [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, June 08, 2000 10:21 PM
 To: [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Subject: Re: [Zope] Q: Accessing ZSQL methods from Python
 
 
 [EMAIL PROTECTED] writes:
   my question is what type or value is returned by a ZSQL 
 method that is
   invoked from Python?
 ZSQL methods return "Shared.DC.ZRDB.Results.Results" instances.
 Such an instance essentially behaves like a sequence of
 objects each describing one result row.
 These objects have been set up such that a column value
 can be accessed as attribute with the column name.
 Thus, "results[i].column" gives the value of "column" of
 the i.th row.
Yes, that works fine. But I need to know of NULL values.

 
 How to determine, how "Null" values are recognized,
 is less a Zope than a database adapter question.
 I would expect, that most (if not all) database
 adapters will map SQL Null to None.
That was what I thought but at least ZODBC won't do this.
What I have found out is, that repr(SQL NULL) == 'Missing.Value'.

 
 However, even some well established SQL databases do not
 treat Null standards-conform but represent it as
 the empty string. Then, the database adapter has
 no chance to map this to None but must use '', too.
ZODBC won't do this either.

 
 
 Dieter
 

Andreas
**
This email message has been swept by MIMEsweeper for the presence of
computer viruses.

Francotyp-Postalia AG  Co.


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] Urgent Help Required- Installation

2000-06-09 Thread System Administrator

Hi Daryl

this did not work. it gave a conflict with the exisiting installed
packages.


On Fri, 9 Jun 2000, Daryl Tester wrote:

 python-devel is an RPMism (which means you won't find it on python.org).
 On my RedHat 6.1 box, it's python-devel-1.5.2-7.rpm .  chkconfig,
 according to "rpm -qf `which chkconfig`", is owned by chkconfig-1.0.7-2.
 
 
 Regards,
   Daryl Tester
 

Parag Mehta[EMAIL PROTECTED]
System Administrator.
Puretech Internet Pvt. Ltd.http://puretech.co.in/ 
77 Atlanta. Nariman Point.
Mumbai - 400021. India.Tel: +91-22-2833158  

Support is now available thru our Web Based Support System.
http://support.puretech.co.in





___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




[Zope] Extended characterset

2000-06-09 Thread Ivan Mackintosh

Hi,

What I want to do is to allow users to be able to enter greek/mathematical
symbols into a textbox. I have managed to do this but get the following
problem - 

In the first dtml method the user clicks on a symbol button and that symbol
is entered into the textbox. They then click on a submit button and the next
dtml method is displayed.

This method simply does a dtml-var REQUEST so that I can see the value
of the previous textbox. The symbol has changed!

On the first method I enter a lower case delta symbol and in the second I can
see an 'a' with dots above it.

If I change my code so that instead of inserting a symbol into the textbox it 
inserts the code delta; then when I get to the second dtml method the correct
symbol is displayed. This is not very user friendly though.

Is there somekind of encoding variable set in Zope? as if I do the same code
in straight html then it works fine.

Regards,
Ivan







___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] Zope, Apache/NT, Reliability issues

2000-06-09 Thread Duncan Booth

  My test platform is a Windows NT 4 running Apache 1.3.12. The first
  doubt comes to the fact that I could not find the pcgi module for NT (I
  do not have any kind of C compiler, so I´ll be very glad if anyone know
  a binare version). So I´d like to know where can I find informations
  about installing Zope using PCGI in an NT Apache installation.
 
 It could be someone else has already compiled it and used it.

I see that the latest version of the fastcgi module now claims to 
have beta Win32 support so this may make a suitable alternative to 
PCGI. Has anyone out there tried FastCGI on NT?


-- 
Duncan Booth [EMAIL PROTECTED]
int month(char *p){return(124864/((p[0]+p[1]-p[2]0x1f)+1)%12)["\5\x8\3"
"\6\7\xb\1\x9\xa\2\0\4"];} // Who said my code was obscure?
http://dales.rmplc.co.uk/Duncan

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] Zope.org Hidden Stats

2000-06-09 Thread ethan mindlace fremen

Tony McDonald wrote:

 If you're running Zope from behind Apache/PCGI then you *have* to run
 Zope single threaded. Am I correct?

I think Martijn Pieters answers this question in the Zope, Apache/NT,
Reliability Issues
thread.

ethan mindlace fremen
Zopatista Community Liason

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] WorldPilot - Regular messages are attachments? (PatchFix)

2000-06-09 Thread ethan mindlace fremen

Paul Gresham wrote:
 
 Excellent, thanks Bryan. I have another question? Do you have problems with
 browsers not obtaining the correct filenames of attachments when they are
 downloaded, i.e. the file becomes ATT0002.DAT or similar? I have this
 problem and also if I choose to download a file and then cancel the dialog,
 everything seems to get stuck, and I have to close the browser and start
 again.

I have the same problem.  All attachments, when downloaded, become "getpart".  A
simple rename works, but I find it highly obnoxious.

~ethan

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




[Zope] zodbc performance question

2000-06-09 Thread julio dinis

Hi all,

Using zodbc, supose we have the following situation. One 
zodbc_database_connection and lots of zsql methods. Can we say that creating 
more zodbc_database_connection(with a system dsn for each one, but all 
pointing to the same database) and thus distribute the zsql methods avoiding 
to all use the same zodbc_connection, will increase performance. Dont tell 
me I have to test it, I will but some thougts here will help.

Best regards,
Júlio Dinis Silva

Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] mssql system dsn hangs causing zope to be no more

2000-06-09 Thread julio dinis

I'm using 2.1.6.
Regards,
Julio


From: "Harald Ragger" [EMAIL PROTECTED]
To: "julio dinis" [EMAIL PROTECTED]
CC: "Zope List" [EMAIL PROTECTED]
Subject: Re: [Zope] mssql system dsn hangs causing zope to be no more
Date: Thu, 8 Jun 2000 18:02:33 +0200

Julio:
what version of zope do you run?

harald
- Original Message -
From: "julio dinis" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 08, 2000 1:49 PM
Subject: [Zope] mssql system dsn hangs causing zope to be no more


  Hi Zopistas!
 
  After some time of heavy use of the site the
  zserver goes zombie, and even restarting will put zope
  automatically zombie, never more.
 
  If I remove the system dsn I use with zodbc and restart zope,
  then zope runs like a ferrari. I than create again the odbc system
  dsn and everything is back again.
 
  But some time after the zombie arise from the grave :-(
 
  I'm looking at logs.
  Anyone with this problem?
 
  Júlio Dinis Silva
  
  Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
 
 
  ___
  Zope maillist  -  [EMAIL PROTECTED]
  http://lists.zope.org/mailman/listinfo/zope
  **   No cross posts or HTML encoding!  **
  (Related lists -
   http://lists.zope.org/mailman/listinfo/zope-announce
   http://lists.zope.org/mailman/listinfo/zope-dev )
 
 



Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] What is favicon.ico and why is it an error?

2000-06-09 Thread J. Atwood

At 9:43 AM +0100 6/9/2000, Toby Dickenson wrote:
The user wont see error; just the default icon in the favorites menu.

You are correct. They don't see the error but it still produces a Zope error.

  Add this to the many reasons that I hate MIE!

do you have a robots.txt, or are webcrawlers evil too? ;-)

This, on the other hand, does not product a Zope error, just is 
logged as a 404. It is also useful in keeping search engines away 
from certain areas of your site. The favicon.ico trick really has no 
use, no functionality, no deeming qualities. M$ also did it in a 
bitmap as opposed to a jpg/gif which makes it much bigger than it 
should be. It also tells the server that a user has bookmarked your 
site, which to some users might seem like yet another breach of 
privacy.

J




___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] Secure storage of credit card info

2000-06-09 Thread Cary O'Brien

 OK, any of you out there who have thought about ecommerce, cryptography,
 and zope, I've got a design question for you.  Actually, this question
 is independent of zope, but I need to solve it in a zope context.
 
 You have a ZCommerce site.  You accept credit cards, and securely
 communicate with a CC processor to verify the transacton.  Now,
 you want to save the CC# and other info in case something needs
 to be done with it later, and probably store the CC# so this
 customer doesn't have to type it in again later.  Regardless
 of whether you are storing this info in a relational database
 or in the ZODB, how do you secure that information?  Ideally
 I'd like it to be encrypted on disk.  Now, storing it in a database
 probably makes it pretty hard to grep out even if a hacker
 manages to snarf the database file, but I'd like to encrypt it.
 But if I encrypt it, I have to have a decryption key somewhere.
 Where do I store the decryption key so that the cracker who
 snarfs the database file can't get it (just in memory somewhere?),
 and yet have the system be able to boot itself, including having
 the key, without human intervention?  It seems to me like
 this is a Hard Problem, but I'm not up on the current
 cyrptography practice.  So if there is a well known general
 solution, I'd love to hear about it.  Otherwise, does anyone
 know what current Best Practice is?
 

Good question.  I was just talking to someone about this a few
days back.  What they did was to

a) create a public/private keypair.  Don't
   leave the private key ANYWHERE except on
   the CC verification machine (described below)

b) encrypt the data using the public key

c) store the encrypted data

d) ship the encrypted cc information through
   an internal firewall[1] with one hole to a 
   CC verification back end.  This back end
   is protected as much as possible, accessible
   by as few people as possible.  It uses the
   private key to decrypt and verify.  

You are still vulnerable if someone can get in and snarf
the CC information during b), but at least you don't have
thousands of CC numbers hanging around on your frontend
or database machines.  The idea is that the CC verification
machine is much less likely to be compromised.

Best practice?  I don't know.  But it sounded like a good
idea to me.

Hope I got this right. (Hi Ramon!)

-- cary

[1] Which also needs to have limited access.



___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




[Zope] Announce: Squishdot 0.4.1 Released

2000-06-09 Thread Chris Withers

Squishdot 0.4.1 is now available from 
http://www.zope.org/Members/chrisw/Squishdot/

The following major changes were made:

 - You can now use things like 'site_header' and 'site_footer' in 
   'showMessage' and 'showError'.

 - Security has been tightened and a new set of roles introduced.

 - The bug requiring a 'body' parameter to be supplied to 'search' 
   has been fixed.

There are some other small changes and improvements.

If you run into problems, remember Squishdot has a mailing list at 
eGroups and a bug collector on SourceForge.

cheers,

Chris

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] Re: [ZCommerce] Secure storage of credit card info

2000-06-09 Thread Cary O'Brien

 -  You have a ZCommerce site.  You accept credit cards, and securely
 -  communicate with a CC processor to verify the transacton.  Now,
 
   Besides Bill's suggestion, keep all your servers behind a good
 firewall.  One option is to use Linux IP Masquerading, having your
 webserver *and* database server use 192.168.0.??? IP Addresses.  Then,
 turn on port forwarding on your Masq server, so that all incoming requests
 on port 80 go to (something like) port 8080 on your webserver, which then
 responds to the request.
 
   You could just use an encrypted filesystem on the database server,
 although that may be too slow (and possibly overkill?).  At that point
 --assuming your firewall is secured-- you'd more or less need physical
 access to your internal network to see those CC#s.  The only real danger
 left is a misconfiguration (or bad code) in your webserver software.
 (read: don't use IIS :)
 

I would work from the assumption that, worst case, your web server
machines may get rooted, either from external attacks or from internal
"human engineering".  And that people can modify your software and
install sniffers. [1] Especially if you have a lot of people modifying
content on that machine.

That's why you get the best protection with a separate machine,
firewalled off, with limited access, plus Public key encryption.

If you get rooted and you don't know about, you've lost the game.  If
you get rooted and you find out, you've only lost those CC numbers
that were processed while you were compromised.

My 2 cents.

I'd be interested to hear alternate viewpoints.

-- cary (who worries alot)

[1] Which is why switches (rather than dumb hubs) are nice.

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] How do you call the string?

2000-06-09 Thread Ian Sparks

Martin,

I'm no Zope expert but if you have a property with an ID of "prop1" of type
string with a value "first_value" set on a DTML Document then inside the
document you can say :

dtml-var prop1

and "first_value" will be substituted into your code at this point,
replacing the "dtml-var prop1" declaration.

I am not sure why you want to get the title? You only need to know the ID to
get the value.

Are you trying to find a way of looping through all the properties defined
for a document? If yes, I don't know how to do this but ask again to
[EMAIL PROTECTED] for how to do this.

Sorry if this doesn't answer your question.

- Ian.












- Original Message -
From: "Martin Seehuusen" [EMAIL PROTECTED]
To: "Ian Sparks" [EMAIL PROTECTED]
Sent: Thursday, June 08, 2000 10:50 AM
Subject: Re: [Zope] How do you call the string?


Thank you for you help!

I think I need to explain a bit more! Sorry for not doing that in the first
place!

OK, I go into Properties for one of my files!
then I choose an ID, say "prop1"
Type could be, say "String"
then a value, say "first_value".

now what I would like is to call the string, and get up the ID and the
Value.
something like

dtml-var type_command

result:

ID: Prop1
Value: First_Value

Hope this explains a bit more! ;)

Thank you for your help.

Best regards

Martin Seehuusen





___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




[Zope] xmlrpc problem

2000-06-09 Thread Andy Dawkins

Hi

I am having a small probelm with xmlrpc.  I am simply trying to create a new
object within Zope.  For now the object will be a DTMLDocument.

I have a DTML Method with the id of createDocument and it reads:

dtml-call "manage_addDTMLDocument('new_document','New Doc',contents)"
Done

I also have a xmlrpc python module that reads:

import xmlrpclib
s=xmlrpclib.Server("http://www.myserver.com/Zope/test/")
args={}
args=['contents']="This is the contents of the new file"
s.createDocument(args)

The traceback I get reads:

Traceback (innermost last):
File "stdin" line 1, in ?
File "xmlrpclib.py", line 550, in __call__
return self.__send(self.__name, args)
File "xmlrpclib.py", line 643, in __request
request
File "xmlrpclib.py", line 595, in request
headers
xmlrpclib.ProtocolError: Protocol Error for www.myserver.com/Zope/test/:
401 Unauthorized

If i change createDocument to read:

dtml-call "manage_addDTMLDocument('new_document','New Doc')"
Done

and change the python module to read:

import xmlrpclib
s=xmlrpclib.Server("http://www.myserver.com/Zope/test/")
s.createDocument()

Then it successfully creates the document.

So how do I successfully pass arguments in to the DTML method so that it can
populate the new document with the correct data?

Cheers
-Andy Dawkins
(New Information Paradigms Ltd)


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] zodbc performance question

2000-06-09 Thread Tino Wildenhain

Hi Julio,

we tested exactly this approach but run into some deadlock-situations.
Since it did not improve performance we now use only one
connection-object
per database.

Regards
Tino Wildenhain

julio dinis wrote:
 
 Hi all,
 
 Using zodbc, supose we have the following situation. One
 zodbc_database_connection and lots of zsql methods. Can we say that creating
 more zodbc_database_connection(with a system dsn for each one, but all
 pointing to the same database) and thus distribute the zsql methods avoiding
 to all use the same zodbc_connection, will increase performance. Dont tell
 me I have to test it, I will but some thougts here will help.
 
 Best regards,
 Júlio Dinis Silva
 
 Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
 
 ___
 Zope maillist  -  [EMAIL PROTECTED]
 http://lists.zope.org/mailman/listinfo/zope
 **   No cross posts or HTML encoding!  **
 (Related lists -
  http://lists.zope.org/mailman/listinfo/zope-announce
  http://lists.zope.org/mailman/listinfo/zope-dev )

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] Extended characterset

2000-06-09 Thread Tino Wildenhain

Hi Ivan,

you may want to try out the modifier url_quote eg:

dtml-var arbitrary_greek_text url_quote

HTH
Tino Wildenhain

Ivan Mackintosh wrote:
 
 Hi,
 
 What I want to do is to allow users to be able to enter greek/mathematical
 symbols into a textbox. I have managed to do this but get the following
 problem -
 
 In the first dtml method the user clicks on a symbol button and that symbol
 is entered into the textbox. They then click on a submit button and the next
 dtml method is displayed.
 
 This method simply does a dtml-var REQUEST so that I can see the value
 of the previous textbox. The symbol has changed!
 
 On the first method I enter a lower case delta symbol and in the second I can
 see an 'a' with dots above it.
 
 If I change my code so that instead of inserting a symbol into the textbox it
 inserts the code delta; then when I get to the second dtml method the correct
 symbol is displayed. This is not very user friendly though.
 
 Is there somekind of encoding variable set in Zope? as if I do the same code
 in straight html then it works fine.
 
 Regards,
 Ivan
 
 ___
 Zope maillist  -  [EMAIL PROTECTED]
 http://lists.zope.org/mailman/listinfo/zope
 **   No cross posts or HTML encoding!  **
 (Related lists -
  http://lists.zope.org/mailman/listinfo/zope-announce
  http://lists.zope.org/mailman/listinfo/zope-dev )

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] Re: FSSession newbie problem

2000-06-09 Thread Pavlos Christoforou

On Fri, 9 Jun 2000, Marcello Lupo wrote:

 dtml-var "FSSession('carrello')"br   It prints out "None"

I supose you mean  ...FSSession['carrello'] ..
 
 The FSSession is in the same folder of my two methods, may be this a
 problem?

No it should not

 one.
 Probably the second method point to a different session file than the
 first.

I also have dtml-call FSSession in my standard html header and I never
had problems. I will try a few tests when I return. Please keep me posted
if you continue having troubles.

Pavlos


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] redirecting from inside a frame

2000-06-09 Thread Jim Sanford



The onlyway I can think off, (which doesn't mean 
its the only way), is to launch a new window and send a HTML document whose 
content is JavaScript. It would either rewrite the original frame or the entire 
window depending on you original input and then close itself.

  - Original Message - 
  From: 
  Fusion Group 
  To: [EMAIL PROTECTED] 
  Sent: Thursday, June 08, 2000 6:03 
  PM
  Subject: [Zope] redirecting from inside a 
  frame
  
  I'm attempting to submit a form from inside of a 
  frame, and depending on the information submitted, redirect to a new page 
  which I no longer want displayed inside of that frame. I want the new 
  page to displayed in the full browser window, but not a new window. Any help 
  would be greatly appreciated.
  
  Regards,
  
  Chad


Re: [Zope] zodbc performance question

2000-06-09 Thread Francisco José Esteban Risueño

I think Zope creates itself a pool of connections to the database,
extending it
when he need more performance. In our installation, we see initially
seven
connection to Oracle (trough ODBC) generated by only one zodbc database
conection
object

Tino Wildenhain escribió:

 Hi Julio,

 we tested exactly this approach but run into some deadlock-situations.
 Since it did not improve performance we now use only one
 connection-object
 per database.

 Regards
 Tino Wildenhain

 julio dinis wrote:
 
  Hi all,
 
  Using zodbc, supose we have the following situation. One
  zodbc_database_connection and lots of zsql methods. Can we say that creating
  more zodbc_database_connection(with a system dsn for each one, but all
  pointing to the same database) and thus distribute the zsql methods avoiding
  to all use the same zodbc_connection, will increase performance. Dont tell
  me I have to test it, I will but some thougts here will help.
 
  Best regards,
  Júlio Dinis Silva
  
  Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
 
  ___
  Zope maillist  -  [EMAIL PROTECTED]
  http://lists.zope.org/mailman/listinfo/zope
  **   No cross posts or HTML encoding!  **
  (Related lists -
   http://lists.zope.org/mailman/listinfo/zope-announce
   http://lists.zope.org/mailman/listinfo/zope-dev )

 ___
 Zope maillist  -  [EMAIL PROTECTED]
 http://lists.zope.org/mailman/listinfo/zope
 **   No cross posts or HTML encoding!  **
 (Related lists -
  http://lists.zope.org/mailman/listinfo/zope-announce
  http://lists.zope.org/mailman/listinfo/zope-dev )

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] Secure storage of credit card info

2000-06-09 Thread Jim Sanford

I use the int value of the datetime of the last transaction multiplied by a
random number generated for each day as the key to encrypt the CC data in my
RDBMS. Once the customer has identified themselves via a cookie or by
entering a customer id I can retrieve the last transaction datetime and use
the appropriate stored multiplier for that day to retrieve their CC info
from my DB.

The CC DB is a separate table in a separate location.

- Original Message -
From: "R. David Murray" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, June 08, 2000 7:57 PM
Subject: [Zope] Secure storage of credit card info


OK, any of you out there who have thought about ecommerce, cryptography,
and zope, I've got a design question for you.  Actually, this question
is independent of zope, but I need to solve it in a zope context.

You have a ZCommerce site.  You accept credit cards, and securely
communicate with a CC processor to verify the transacton.  Now,
you want to save the CC# and other info in case something needs
to be done with it later, and probably store the CC# so this
customer doesn't have to type it in again later.  Regardless
of whether you are storing this info in a relational database
or in the ZODB, how do you secure that information?  Ideally
I'd like it to be encrypted on disk.  Now, storing it in a database
probably makes it pretty hard to grep out even if a hacker
manages to snarf the database file, but I'd like to encrypt it.
But if I encrypt it, I have to have a decryption key somewhere.
Where do I store the decryption key so that the cracker who
snarfs the database file can't get it (just in memory somewhere?),
and yet have the system be able to boot itself, including having
the key, without human intervention?  It seems to me like
this is a Hard Problem, but I'm not up on the current
cyrptography practice.  So if there is a well known general
solution, I'd love to hear about it.  Otherwise, does anyone
know what current Best Practice is?

--RDM


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] redirecting from inside a frame

2000-06-09 Thread Rik Hoekstra





The onlyway I can think off, (which doesn't mean its the only way), is to
launch a new window and send a HTML document whose content is JavaScript. It
would either rewrite the original frame or the entire window depending on
you original input and then close itself.


[rh] Hm, even for frames, there is a more zopish way to do this using Phil
Harris' method (using target). Suppose you want to make a text and then
display it in a frameset (this may not have been your original question, but
it is just about the hardest to without javascript)
This bugged me for a long time, so I thought i'd write it down:

make your frameset look something like this:

html
head
title/title
/head
frameset rows="100px,*" BORDER=0 FRAMEBORDER=0 FRAMESPACING=0
  frame name="title" SRC="page1" SCROLLING=no
  frameset cols="150px,*" BORDER=0 FRAMEBORDER=0 FRAMESPACING=0
frame name="content" SRC="content" SCROLLING="NO" NORESIZE
dtml-if input
   frame name="text" SRC="dtml-var input"
dtml-else
   frame name="text" SRC="defaultpage"
/dtml-if
  /frameset
/frameset
/html

form method=post action="some_frameset?input=dtml-var id" target="_top"

of course you could complicate this for plain page/frameset etc, but that's
the easy part ;-)

hth

Rik


  - Original Message -
  From: Fusion Group
  To: [EMAIL PROTECTED]
  Sent: Thursday, June 08, 2000 6:03 PM
  Subject: [Zope] redirecting from inside a frame


  I'm attempting to submit a form from inside of a frame, and depending on
the information submitted, redirect to a new page which I no longer want
displayed inside of that frame.  I want the new page to displayed in the
full browser window, but not a new window. Any help would be greatly
appreciated.

  Regards,

  Chad



___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




[Zope] Zope logging with multilog (daemontools)

2000-06-09 Thread Frank Tegtmeyer

I provided a document that describes a setup for logging that uses the 
external logger program multilog.

multilog prevents filling the disk, provides filtering by patterns and 
exact TAI64N timestamps. It is designed to never loose any log data.
multilog is part of Daniel J. Bernsteins dameontools package.

You may find the article at
http://www.lightwerk.de/zope/logging

Regards, Frank

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] Re: [ZCommerce] Secure storage of credit card info

2000-06-09 Thread Steve Spicklemire


 "RDM" == R David Murray [EMAIL PROTECTED] writes:

RDM On Thu, 8 Jun 2000, Bill Anderson wrote:
 Personally, I would store the actual data on a seperate server,
 not accessible to the public.

RDM Mmm.  Yes, that makes it more secure.  Still leaves the
RDM question of encryption/decryption of the data and key
RDM management, but it makes the cracking a lot less likely.  And
RDM Steve's EMarket product is designed for that scenario.

RDM I'd like to also have a one-box solution, though.  Based on
RDM some comments by one of the eTailor folks I'm now trying to
RDM see if I can structure the user/merchant interface so that
RDM the server doesn't need to decrypt the stuff without human
RDM intervention.

When I was originally setting up EMarket I wanted to do a 'two-box'
solution, but I only had one box handy at the moment. I set up a
second Zope instance on the same box to handle transactions (behind
apache-ssl) and it worked pretty well for testing. Of course if you
have only one box for production, you could use the same setup. So
there's no reason to make a solution 'one box' or 'two box', but it
could be 'one box.. two Zopes!'. ;-)

-steve

RDM --RDM


RDM ___ ZCommerce
RDM Mailing List - [EMAIL PROTECTED]
RDM http://lists.codeit.com/mailman/listinfo/zcommerce


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




[Zope] How to init the body of a ZClass herited of DTML Method Class?

2000-06-09 Thread Frédéric Quin

Hi all,

I created a ZClass which herite of the DTML Method Class. Now, I want to init
the body of all my objects of ZClass with the same script. How can I acess to
this body ?


Thanks
Fred

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] Re: FSSession newbie problem

2000-06-09 Thread Pavlos Christoforou

On Fri, 9 Jun 2000, Marcello Lupo wrote:


 
 1) Is necessary to call FSSession in every document of the site or is
 sufficient on the first page (home page of the e-com for example)?
  Becouse i noticed (obviously) that every time it open a file the HD.
 And i think this is a problem because every time it initialize a new
 session passing the new cookie to the Browser (i think).

Yes it is neccessary beacuse HTTP is stateless. It will only start a new
session if FSSession cannot find a valid UID either through a cookie or a
FORM or as part of te URL

 
 2) How may i change the value of an element in a dictionary contained in
 FSSession?
 
   Example: I have the object 'carrello' as in the examples before that
 contain a dictionary passed to it from the form.
   I store the quantity of the item ordered in the value
 'quantita_prodotto' in the object 'carrello'.
   If a user add another piece of that item i need to update the
 'quantita_prodotto' summing to it the new item.
   I think this is possible but i ignore the syntax to do this.
 

As you descripe in your example carrello is a dictinory. So one way is to
make quantitita_prodotto a list and append to it. Something like
untested

dtml-if "FSSession['carrillo'].has_key('quantita_prodotto')"
dtml-call 
"FSSession['carrillo']['quatita_prodotto'].append(REQUEST.form['quatita_prodotto'])"
dtml-else
!-- need to fake the = sign which cannot be used in DTML expr--
dtml-call "FSSession['carrillo'].update({'quatita_prodotto':[]})"

/dtml-if

plus some more logic to check if the variables are empty/correct etc ..

Pavlos


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] generic user folder 1.2.4

2000-06-09 Thread Dan L. Pierson

Stuart 'Zen' Bishop writes:
  
   Error type:KeyError
   Error Value:Parent_url
  
  You will need to post the traceback. Parent_url isn't used in GUF
  anywhere, so I'm guessing it is another product that is barfing.

Oops, I got bitten by this with LoginManager.  If it's the same bug,
it's a bogus error message that should really be trying to tell you
that you're trying to install a GUF but an acl_users folder already
exists in that folder.

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] zodbc performance question

2000-06-09 Thread Tino Wildenhain



Francisco José Esteban Risueño wrote:
 
 I think Zope creates itself a pool of connections to the database, extending it
 when he need more performance. In our installation, we see initially seven
 connection to Oracle (trough ODBC) generated by only one zodbc database conection
 object

Yes, but it uses a housekeeping to prevent deadlocks. If you use more
connections
in the same dtml-document it may lead into the problems.
Imagine: 

connection1:update table
connection2:select from table

So connection1-object will never know there is an attempt to read from
the table
after the update. It will however "commit" the write when the document
is fully
generated. connection2-object will block therefore.

HTH
Tino Wildenhain

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




[Zope] Random line of Products

2000-06-09 Thread Oleg Broytmann

Hello!

   I created and published three demo toy Products I named them "Random"
Products, because each of them displays text, randomly selected from a list
prepared by webmaster. These Products differ in how they store the text
items. I learned a good deal of Zope internals while wrote it, and I hope
that looking into it will help people to learn Product API. I also run a
demo site for these Products.

   Source code: http://www.zope.org/Members/phd/Random/
   Demo site  : http://sun.med.ru/pcgi/Random/

DETAILS:

   The first Product, RandomLine was created from Boring Product - I just
learned Product API. The product stores text (edited in a texarea), splits
the text into a list of lines and when asked displays a random line.

   The second Product, RandomLine_v, is just a modified version of the
first. The difference is volatile attributes. I found (in RandomLine) that
I store both text and splitted list of strings in ZODB. I thought I need to
learn volatile attributes and this version stores only text in ZODB. The
splitted list stored in a volatile attribute and recomputed when
neccessary.

   The third Product, RandomItem, implements the same idea, but with
different implementation. The core class is ObjectManager-derived, and it
stores a list of items. Every item in turn stores multiline text.

Oleg.
 
 Oleg Broytmann http://www.zope.org/Members/phd/ [EMAIL PROTECTED]
   Programmers don't die, they just GOSUB without RETURN.


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] Re: FSSession newbie problem

2000-06-09 Thread Hung Jung Lu

From: Pavlos Christoforou [EMAIL PROTECTED]
On Fri, 9 Jun 2000, Marcello Lupo wrote:
  1) Is necessary to call FSSession in every document of the site Yes it 
is neccessary beacuse HTTP is stateless. It will only start a new
session if FSSession cannot find a valid UID either through a cookie or a
FORM or as part of te URL

Pavlos: this is the part that is confusing to newbies. FSSession can be made 
in such a way that this initial call can be avoided. HappySession works that 
way: no need for explicit initialization. Matter of fact, in the very first 
call to the HappySession (any dictionary method), it does the initialization 
itself behind the scene. FSSession can do the same thing.

It's a minor detail, but anything to make a newbie's life easier is worth 
it. :)

regards,

Hung Jung


Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




RE: [Zope] Getting a specific user role

2000-06-09 Thread Mabe, Brad

That did the trick.  Someday I'm going to get the hang of this stuff.

Thanks, Jason.

   -=Brad=-

-Original Message-
From: Jason Spisak
To: Mabe, Brad
Cc: '[EMAIL PROTECTED]'
Sent: 6/8/00 7:48 PM
Subject: Re: [Zope] Getting a specific user role

Mabe, Brad writes:

 Forgive me if this has been covered before.

There's no real great documentation on using the security API, and it's
changing a bit anyway.

 
 I am implementing a login/security scheme through the use of GUF and
SQL
 methods.  My user and role information is kept in a SQL database and a
user
 can have more than one role assigned to him/her.
 
 What I would like to do is check if a specific role has been assigned
to the
 current user, and then display some additional menu items if that role
has
 been assigned.  I haven't been able to figure out how to get and check
the
 roles that have been assigned to the current user.
 
 As usual, any help will be greatly appreciated.
 
  -=Brad=-

try:

dtml-if "AUTHENTICATED_USER.has_role('MyRole')"
My stuff
/dtml-if

Jason Spisak
CIO
HireTechs.com
6151 West Century Boulevard
Suite 900
Los Angeles, CA 90045
P. 310.665.3444
F. 310.665.3544

Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email
address may not be added to any commercial mail list with out my
permission.  Violation of my privacy with advertising or SPAM will
result in a suit for a MINIMUM of $500 damages/incident, $1500 for
repeats.

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )



___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] Re: FSSession newbie problem

2000-06-09 Thread Pavlos Christoforou

On Fri, 9 Jun 2000, Hung Jung Lu wrote:

 Pavlos: this is the part that is confusing to newbies. FSSession can be made 
 in such a way that this initial call can be avoided. HappySession works that 

You are right. There is no real need for the initial call. It was
initially designed like this because I inherited directly from UserDict
and I was lazy to override every call to check whether FSSession was
initialized or not. Also and more important I wanted to be compatible with
SQLSession so the migrating users from one to the other will do so without
needing to change much of the code. The initial call is useful if you need
to pass parameters, like noCookie or _force_new_session etc etc.

Pavlos


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] Getting a specific user role

2000-06-09 Thread Jason Spisak

Mabe, Brad writes:

 That did the trick.  Someday I'm going to get the hang of this stuff.
 

I have the hang of some stuff but get hung by the rest ;)

 Thanks, Jason.
 
-=Brad=-
 
 -Original Message-
 From: Jason Spisak
 To: Mabe, Brad
 Cc: '[EMAIL PROTECTED]'
 Sent: 6/8/00 7:48 PM
 Subject: Re: [Zope] Getting a specific user role
 
 Mabe, Brad writes:
 
  Forgive me if this has been covered before.
 
 There's no real great documentation on using the security API, and it's
 changing a bit anyway.
 
  
  I am implementing a login/security scheme through the use of GUF and
 SQL
  methods.  My user and role information is kept in a SQL database and a
 user
  can have more than one role assigned to him/her.
  
  What I would like to do is check if a specific role has been assigned
 to the
  current user, and then display some additional menu items if that role
 has
  been assigned.  I haven't been able to figure out how to get and check
 the
  roles that have been assigned to the current user.
  
  As usual, any help will be greatly appreciated.
  
   -=Brad=-
 
 try:
 
 dtml-if "AUTHENTICATED_USER.has_role('MyRole')"
 My stuff
 /dtml-if
 
 Jason Spisak
 CIO
 HireTechs.com
 6151 West Century Boulevard
 Suite 900
 Los Angeles, CA 90045
 P. 310.665.3444
 F. 310.665.3544
 
 Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email
 address may not be added to any commercial mail list with out my
 permission.  Violation of my privacy with advertising or SPAM will
 result in a suit for a MINIMUM of $500 damages/incident, $1500 for
 repeats.
 
 ___
 Zope maillist  -  [EMAIL PROTECTED]
 http://lists.zope.org/mailman/listinfo/zope
 **   No cross posts or HTML encoding!  **
 (Related lists - 
  http://lists.zope.org/mailman/listinfo/zope-announce
  http://lists.zope.org/mailman/listinfo/zope-dev )
 
 


Jason Spisak
CIO
HireTechs.com
6151 West Century Boulevard
Suite 900
Los Angeles, CA 90045
P. 310.665.3444
F. 310.665.3544

Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email
address may not be added to any commercial mail list with out my
permission.  Violation of my privacy with advertising or SPAM will
result in a suit for a MINIMUM of $500 damages/incident, $1500 for
repeats.

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] ZSQL method broken on 2.1.6

2000-06-09 Thread Phill Hugo

Umesh Soni wrote:
 
 (using zope 2.1.6 with ZMySQLDA-2.0.0a1 and MySQLdb-0.2.1)
 
 Hi there,
 
 I had this ZSQL method (simplified for clarity) working on 2.1.4
 
 select id, nickname  from bboard
 where id=50
 order by id desc
 limit 30

Remove either the limit 30 or the LIMIT 1000 Advanced property of the
ZSQL method (advanced tab). To speed things up, the limit 1000 appended
to the query to stop MySQL giving Zope lots of lines when it only wants
1000 anyway. Its not too clever though. There should maybe be a check to
see if "limit x" exists in the query.

Phill

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




[Zope] Re: [ZCommerce] Secure storage of credit card info

2000-06-09 Thread Ng Pheng Siong

On Thu, Jun 08, 2000 at 08:57:17PM -0400, R. David Murray wrote:
 You have a ZCommerce site.  You accept credit cards, and securely
 communicate with a CC processor to verify the transacton.  Now,
 you want to save the CC# and other info in case something needs
 to be done with it later

Hi,

Take a look at ZSmime, 

http://www.post1.com/home/ngps/zope/zsmime


Here's the blurb:

ZSmime enables Zope to generate S/MIME-signed/encrypted messages.

ZSmime is useful where Zope accepts confidential information over the
web, e.g., credit card numbers, Swiss bank account instructions, etc. 
Such information can be protected by ZSmime and relayed off-site 
immediately. This reduces the value of the information carried on-site
and in turn reduces the impact of a successful attack against the site.

Even if the S/MIME-protected information remains on-site, it is now 
encrypted - this introduces additional cost in defeating the protection 
and may mitigate the effect of a successful site penetration.

ZSmime adds a DTML tag "dtml-smime" to Zope. 


-- 
Ng Pheng Siong [EMAIL PROTECTED] * http://www.post1.com/home/ngps


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




[Zope] ZDiscussions in classes?

2000-06-09 Thread Alexander Limi

Hi,

I have a problem with getting ZDiscussion working the way I want it to.
First a little background, so it becomes easier for me to explain what I
want to do:

On my site I have several users (called "artists") that I have built a
ZClass for. This Artist-ZClass contains a propertysheet with the properties
of the artist, it also subclasses ObjectManager, so the artists can add
their own pictures in their own object.

This works excellent, and I am about to take the next step - adding a
discussion forum on each artist, so people can discuss the artist's work
directly on his pages.

I then tried to add a ZDiscussion Topic ("discuss") in the ZClass. (I also
regenerated the methods before proceeding, to get the default interface.)

When I tried to access the discussion at:

http://my.host/artists/testartist/discuss

Zope asks me for a login, and not even the superuser can access it.

Either my thinking is screwed up (it often is ;), or it is impossible to
accomplish this with ZDiscussions. Could anyone offer me some insight as to
what I'm doing wrong here?

--
Alexander Limi
[EMAIL PROTECTED]


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] ZSQL method broken on 2.1.6

2000-06-09 Thread Umesh Soni



 Umesh Soni wrote:
  
  (using zope 2.1.6 with ZMySQLDA-2.0.0a1 and MySQLdb-0.2.1)
  
  Hi there,
  
  I had this ZSQL method (simplified for clarity) working on 2.1.4
  
  select id, nickname  from bboard
  where id=50
  order by id desc
  limit 30
 
 Remove either the limit 30 or the LIMIT 1000 Advanced property of the
 ZSQL method (advanced tab). To speed things up, the limit 1000 appended
 to the query to stop MySQL giving Zope lots of lines when it only wants
 1000 anyway. Its not too clever though. There should maybe be a check to
 see if "limit x" exists in the query.
 
 Phill
 

Thanks Phill, that did the trick --strange thing though the 'Maximum
number of rows retrieved attribute' was set to 100 not 1000 as the
error reported --I changed it to 30.

Anyway it's working now --cheers.

Umesh Soni.


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




[Zope] RE: [ZCommerce] Secure storage of credit card info

2000-06-09 Thread Meilicke, Scott

Hi there,

I know your post indicates you've thought about this, but you may want to
reconsider storing CC info at all.  It's a trade off on convenience for the
customer and security precautions on your site.  If you don't have the
numbers, that's one less thing an intruder could do with your information
when they do break in.  If you do store CC info, you should probably offer
the option to not store the CC#.  I know I don't like my CC info in a
merchant database, encrypted or not.

Scott

-Original Message-
From: R. David Murray [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 08, 2000 5:57 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: [ZCommerce] Secure storage of credit card info


OK, any of you out there who have thought about ecommerce, cryptography,
and zope, I've got a design question for you.  Actually, this question
is independent of zope, but I need to solve it in a zope context.

You have a ZCommerce site.  You accept credit cards, and securely
communicate with a CC processor to verify the transacton.  Now,
you want to save the CC# and other info in case something needs
to be done with it later, and probably store the CC# so this
customer doesn't have to type it in again later.  Regardless
of whether you are storing this info in a relational database
or in the ZODB, how do you secure that information?  Ideally
I'd like it to be encrypted on disk.  Now, storing it in a database
probably makes it pretty hard to grep out even if a hacker
manages to snarf the database file, but I'd like to encrypt it.
But if I encrypt it, I have to have a decryption key somewhere.
Where do I store the decryption key so that the cracker who
snarfs the database file can't get it (just in memory somewhere?),
and yet have the system be able to boot itself, including having
the key, without human intervention?  It seems to me like
this is a Hard Problem, but I'm not up on the current
cyrptography practice.  So if there is a well known general
solution, I'd love to hear about it.  Otherwise, does anyone
know what current Best Practice is?

--RDM


___
ZCommerce Mailing List - [EMAIL PROTECTED]
http://lists.codeit.com/mailman/listinfo/zcommerce

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




[Zope] Zope-Edu?

2000-06-09 Thread T.J. Mannos

What ever became of Zope-Edu?  Have they disbanded?

- T.J.


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] ZCatalog and Search Results

2000-06-09 Thread Aaron Payne

Jason,
I believe the ZCatalog is indexing the new instances because I can see them 
in the catalog in the management interface.
-Aaron


At 03:42 pm 6/9/00 +, Jason Spisak wrote:
   Just out of curiousity, what is making you think it's indexing it?

All my best,

Jason Spisak


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] ZDiscussions in classes?

2000-06-09 Thread Cary O'Brien

 charset="iso-8859-1"
 
 Hi,
 
 I have a problem with getting ZDiscussion working the way I want it to.
 First a little background, so it becomes easier for me to explain what I
 want to do:
 
 On my site I have several users (called "artists") that I have built a
 ZClass for. This Artist-ZClass contains a propertysheet with the properties
 of the artist, it also subclasses ObjectManager, so the artists can add
 their own pictures in their own object.
 
 This works excellent, and I am about to take the next step - adding a
 discussion forum on each artist, so people can discuss the artist's work
 directly on his pages.
 
 I then tried to add a ZDiscussion Topic ("discuss") in the ZClass. (I also
 regenerated the methods before proceeding, to get the default interface.)
 
 When I tried to access the discussion at:
 
 http://my.host/artists/testartist/discuss
 
 Zope asks me for a login, and not even the superuser can access it.
 
 Either my thinking is screwed up (it often is ;), or it is impossible to
 accomplish this with ZDiscussions. Could anyone offer me some insight as to
 what I'm doing wrong here?
 

Do you have anonymous access turned off? (I.E. do you need a password
to view anything?)  If you cancel the request, do you get a traceback
pointing to something in the TreeTag file? If so, you may need to
allow anonymous users to access content information for the
discussions.

I don't understand why this should be the case, and I couldn't
debug it because I couldn't figure out what validate did.

-- cary

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] Zope-Edu?

2000-06-09 Thread Rik Hoekstra



What ever became of Zope-Edu?  Have they disbanded?


No, on the contrary: revived. See
http://www.zope.org/Wikis/zope-edu/FrontPage
There is also a sourceforge site.

Contributions more than welcome

Rik


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




[Zope] Re: [ZCommerce] Secure storage of credit card info

2000-06-09 Thread Graham Chiu

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

In article [EMAIL PROTECTED], Ng Pheng Siong
[EMAIL PROTECTED] writes
Take a look at ZSmime, 

http://www.post1.com/home/ngps/zope/zsmime


Hi,

Any ETA on the Win32 binaries?

- -- 
Regards,  Graham Chiu
gchiuatcompkarori.co.nz
http://www.compkarori.co.nz/index.php
Powered by Interbase and Zope

-BEGIN PGP SIGNATURE-
Version: PGPsdk version 1.7.1

iQA/AwUBOUCjubTRdIWzaLpMEQKpMACgnwmcR4sNmRpNk0g4Nm6RLq9O6lsAoIi3
PMOYM6R69bu0DbW8IBgScTwE
=1D+1
-END PGP SIGNATURE-

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] ZDiscussions in classes?

2000-06-09 Thread Alexander Limi


 Do you have anonymous access turned off? (I.E. do you need a password
 to view anything?)

I can view the main artist page just fine.

 If you cancel the request, do you get a traceback
 pointing to something in the TreeTag file? If so, you may need to
 allow anonymous users to access content information for the
 discussions.

I get the following:

Unauthorized

You are not authorized to access this resource.
Username and password are not correct.

Traceback (innermost last):
  File D:\Programs\Zope\lib\python\ZPublisher\Publish.py, line 214, in
publish_module
  File D:\Programs\Zope\lib\python\ZPublisher\Publish.py, line 179, in
publish
  File D:\Programs\Zope\lib\python\ZPublisher\Publish.py, line 151, in
publish
  File D:\Programs\Zope\lib\python\ZPublisher\BaseRequest.py, line 446, in
traverse
  File D:\Programs\Zope\lib\python\ZPublisher\HTTPResponse.py, line 551, in
unauthorized
Unauthorized: (see above)

 I don't understand why this should be the case, and I couldn't
 debug it because I couldn't figure out what validate did.

But you get the same error? And it's supposed to (ie: not horribly bad
thinking on my part? :) be possible to do this?

--
Alexander Limi
[EMAIL PROTECTED]


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] Dynamically Picking which object to display

2000-06-09 Thread Tino Wildenhain

Hi Jason,

Jason Lee wrote:
 
 I'm fairly new to Zope, so this may be a dumb question, and my vocabulary could
 be wrong, so please bear with me.
 
 I'm in the middle of building an e-commerce solution for my company, and we're
 evaluating Zope (and PHP and Servlets, but that's immaterial) as the platform on
 which to base this solution.  That doesn't necessarily mean anything other than
 to give you context.  One of the problems I'm facing right now is how to display
 a particular object based on a value.  For example, let's say a user tries to
 access www.foo.com/MyAccount/CCInfo.  If the user has authenticated, I need to
 show him the obviously sensitive data he has requested.  If he is not
 authenticated, however, I need to give him a login screen which, for argument's
 sake, is in the DTML document Login in the root folder.  How would I go about
 doing that?  Am I making sense?  Thanks...

We have done it for an (closed to the public) e-commerce solution which 
could not be done with http-authentication (we have 2 user-names and one
password for authentication for historical reasons)
Se we needed a solution and found it as a simple solution with the
standard
header of all documents wich include some kind of session-management
down
the protected path. If the user is authenticated, the session management
keeps
track of it and provides useful data to all pages where it is included.
If the session is timed out or a not authenticated user tries to access
some
pages, the session-management (a dtml-method) sends a redirect to 
the login-page.

I can give a more detailed description on request. 

But at least: yes, you can do it; yes, it makes sense

HTH
Tino Wildenhain

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] YA newbie question

2000-06-09 Thread Tino Wildenhain

Hi Randy,

 ...
I figured this would be easy to do with Zope.  I created a subdirectory
 called "modules" and put some modules into that; for example, "leftbuttons"
 is a dtml method containing a table data block which contains the standard
 left menu button HTML.  I figured I could whip up a page and at the
 appropriate place in that page, do a 'dtml-var "modules.leftbuttons"' and
 have that code inserted into the page.
 
That was my thinking.  "leftbuttons" views properly by itself.  However,
 when I try that dtml-var statment above, the page displays raw HTML.

try the following:
either:

dtml-var "modules.leftbuttons()"

or:

dtml-with modules
dtml-var leftbuttons
/dtml-with

the reason for this is: anything inside "" is a python expression,
meaning
it is interpreted as if you typed it into an running python-interpreter
(with the zope-context around, of course).
So python calls the ojects __repr__() method here to display it. For
string-like
objects __repr__==__str__ (with single quotes arount them)
For some zope objects "self-displaying" means showing their data as
source.

If you use dtml-var  without the quotes, zope does do some magic with
the __call__() method of the object. Calling a dtml-method renders its
output
rather then the source.
This is what is done in the first variant.

NB: often you have to provide the documents context to the method, 
so the above call is somthing like dtml-var
"modules.leftbuttons(_,_.None)"
(or such like - have to look again over some documentation or the list
for this)

HTH
Tino Wildenhain

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] Unless not quite the opposite of if?

2000-06-09 Thread Dieter Maurer

Curtis Maloney writes:
  On Fri, 09 Jun 2000, Dieter Maurer wrote:
   Curtis Maloney writes:
  ... dtml-unless does not work ...
  
   ... Seems that you make something wrong ...
  
  It doesn't.  Really.  I'm certain of this.  The key was not there, and yet 
  the unless was not rendered.  This is why I'm posting.  It's not working as 
  it should.
  
  I guess I'm funny like that.  I only post problems when they exist.

Sorry!
But some problem reports are difficult to believe.

I tried the following DTML-method with Zope 2.1.6:

dtml-var standard_html_header
dtml-unless "0"should renderbr/dtml-unless
dtml-unless "1"should not render/dtml-unless
dtml-unless "REQUEST.has_key('XXX')"should renderbr/dtml-unless
dtml-call "REQUEST.set('XXX',1)"
dtml-unless "REQUEST.has_key('XXX')"should not render/dtml-unless
dtml-var standard_html_footer

It worked as expected.

No hint that "dtml-unless" could be faulty.


Dieter

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] ZSQL method broken on 2.1.6

2000-06-09 Thread Andreas

Umesh Soni wrote:
 
  Umesh Soni wrote:
  
   (using zope 2.1.6 with ZMySQLDA-2.0.0a1 and MySQLdb-0.2.1)
  
   Hi there,
  
   I had this ZSQL method (simplified for clarity) working on 2.1.4
  
   select id, nickname  from bboard
   where id=50
   order by id desc
   limit 30
  
  Remove either the limit 30 or the LIMIT 1000 Advanced property of the
  ZSQL method (advanced tab). To speed things up, the limit 1000 appended
  to the query to stop MySQL giving Zope lots of lines when it only wants
  1000 anyway. Its not too clever though. There should maybe be a check to
  see if "limit x" exists in the query.
  
  Phill
  
 
 Thanks Phill, that did the trick --strange thing though the 'Maximum
 number of rows retrieved attribute' was set to 100 not 1000 as the
 error reported --I changed it to 30.
 

I`m  interested in your thoughts about ZSQLMethod's advanced 
property 'Maximum number of rows retrieved'. It`s default value is 1000. 
Some DA's like PyGreSQLDA takes no notice on this value while PoPyDA
pays 
attention of this property.

Assumed there is a table foo on my DB with actually 2000 records some
DA's
return only 1000 on table scans like 'select * from foo' and 10 records
on 
'select * from foo limit 10 offset 1100' (if offset is supported by the
RDBMS).

How can I know how many records will match at max to my select
statement? 

ZSQLMethod's "advanced" property 'Maximum number of rows retrieved'
makes no sense to me. 

As I know so far there is no way to disable this property or to set a
value like 'maximum'


-- 
_
Andreas Heckel[EMAIL PROTECTED]

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] dtmll-in variables

2000-06-09 Thread ethan mindlace fremen

josh on wrote:

 great, thanks a lot!
 
 I think that this page should be updated with this info:
 
 http://www.zope.org/Documentation/Guides/DTML-HTML/DTML.7.2.html
 
 unless I am wrong.

It should.  However, because the method used to generate the "old" guides is not
the method that will be used to generate the new guides.  The new guides, which
will be cvs backed and much more amenable to community update, will be coming
along: please see the "documentation chat",
http://www.zope.org/Documentation/Chats/doc_chat

for more information.

ethan mindlace fremen
Zopatista Community Liason

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] WorldPilot - Attachments and quotes within the subject

2000-06-09 Thread Bryan Stillwell

On Fri, 9 Jun 2000, Paul Gresham wrote:

 Excellent, thanks Bryan. I have another question? Do you have problems with
 browsers not obtaining the correct filenames of attachments when they are
 downloaded, i.e. the file becomes ATT0002.DAT or similar? I have this
 problem and also if I choose to download a file and then cancel the dialog,
 everything seems to get stuck, and I have to close the browser and start
 again.

Yeah, I have that same problem!  I'll have to take a look at it here soon.
I've attached another patch that you might find useful.  It appears that
WorldPilot barfs if the subject contains a quotation mark in it, but this
patch fixes it.  Also if you would like to try out the rpm and srpm I've
been working on for WorldPilot you can check them out here:

http://www.verinet.com/~arcane/worldpilot/worldpilot-1.0.4-6.noarch.rpm
http://www.verinet.com/~arcane/worldpilot/worldpilot-1.0.4-6.src.rpm

The only thing you'll have to change is the DOMAIN.py file.  Both of the
patches I've done so far have been included.  :)

Note: These are experimental RPMs, so you might want to not install them
on a mission critical server right away.  I personally haven't had any
problems, but you never know...  The only thing I'm worried about is what
happens if you try to install the rpm over a previous installation from a
tarball.  (Should work though)  You'll also have to restart Zope.

Bryan


--- WorldPilot.orig/WPUtil.py   Mon Jan 31 14:52:54 2000
+++ WorldPilot.mine/WPUtil.py   Fri Jun  9 16:04:41 2000
@@ -90,6 +90,7 @@
 import re

 import time

 import string

+import regsub
 try:

 import DateTime

 except: pass

@@ -101,7 +102,7 @@
   r'.*"')

 

 LiteralString = re.compile(r'\s*\{(?PSize\d+)\}(?PRest.*)')

-QuotedString = re.compile(r'\s*"(?PString[^"]*)"(?PRest.*)')

+QuotedString = re.compile(r'\s*"(?PString.*?[^\\](?="))"(?PRest.*)')
 ListOpen = re.compile(r'\s*\((?PRest.*)')

 ListClose = re.compile(r'\s*\)(?PRest.*)')

 Atom = re.compile(r'\s*(?PAtom\\?[\w\[\]\.]+)(?PRest.*)')

@@ -173,10 +174,14 @@
 conts=conts[1:]

 while line!="":

 m=QuotedString.match(line)

-if m:

-c.append(m.group('String'))

-line=m.group('Rest')

-continue

+if m:
+# BS: IMAP returns quotes backslashed, so we must
+# remove the backslash here.
+cur_string = m.group('String')
+cur_string = regsub.gsub(r'\\"', '"', cur_string)
+c.append(cur_string)
+line=m.group('Rest')
+continue
 m=ListOpen.match(line)

 if m:

 n=[]




[Zope] Multithreading in zope and python

2000-06-09 Thread sudhir

I am using Zope-2.1.6.
I have python 1.5.2 with multithreading on.

But my zope still runs in single thread.
I have changed the start script, to have PYTHONHOME="/usr:$reldir" and
taken out the -D flag.

Any suggestions on how to turn on multithreading will be appreciated.

Thank you,
-- sudhir




___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] user contributions to Zope.org

2000-06-09 Thread Ken Manheimer

[As per ethan's request, i'm following up to zope-web, and set the
reply-to to zope-web, so the conversation continues there.]

Graham Chiu wrote:

 This has been mentioned before, but some sites like the main PHP one
 allow visitors to add comments to web pages.

 My thought was that this should be relatively easy to implement with the
 Zope.org site.  A small form at the bottom of each page, URL0 indexed in
 a SQL table, and when a page is accessed, commentary is returned ordered
 by submission date.

 You may wish to allow only members rather visitors to make comments.

 Anything wrong with this scenario ( apart from comments not being
 Catalogued ) ?

I think this is a great idea - i think being able to put the right
things in just the right places is critical for scalable
collaboration, and often the right place for comments and dialogues
about a page are attached to the page.

The hard part in achieving this, to me, is arranging for reasonably
organization of the commentary - so it doesn't clutter the original
page, and so the accumulation has some kind of useful internal
relationships.  I don't think that's been adequately solved, yet.

Weblogs provide some organizational features - threading, moderation
filters, etc - but they still wind up being way too haphazard for my
tastes.  (I, for one, hardly ever find slashdot discussions to be
worth much, despite careful exercise of moderation thresholds.)

I think wikis' easy editing, linkability, etc, along with my nesting
additions, may provide a basis for something better - but there would
need to be some mroe imposition of structuring.  Just reediting other
peoples stuff, even with the best of intentions *and* version history
for differencing, is too haphazard.

I just saw something very cool from ka-ping yee (a really smart python
guy) for external annotation of web pages:

  http://crit.org/

that may be the kind of thing we'd need.  I imagine an addition to
structured text, and dtml, for explicit annotation markup:

 - structured text could have stuff like

 [+annotation textcontent text+]

 - which yields dtml like:

   dtml-note supportannotation textdtml-contentcontent text/dtml-note

   which yields markup like:

   a href="annotations/commentx"
   img alt="[support] klm: annotation text"
src="link-l-b.gif"/a
   content texta href="annotations/commentx"
   img alt="![support] klm: annotation text"
 src="link-r-b.gif" width="9"

   (where the images are little annotation begin/end arrow glyphs).

The idea is that the alt-text conveys the contents of the comments,
with the glyphs indicating the class - comment, support, concern,
question, etc.  The annotations/commentx would be a document in its
own right - wiki-like - where discussion of the annotation - with it's
*own* annotations - could grow.

And for implicit annotation, with annotation separate from the target
text zope text documents (dtml methods and documents, wiki pages,
other derivatives) would all provide annotation features similar to
what the crit.org mediator site does, but without requiring the separate
mediator site...

(I don't know how many of you are familiar with talmudic scholarship,
or marginalia in ancient chinese medicine, eg [...quick google
search...] the yellow emporer's Nei Jing - both texts have layers and
layers of crucial commentary, gradually retained and accumulated
across millenia.  The trick, in this modern age, will be in getting
more, um, immediate, self-organization)
   
Ken Manheimer
[EMAIL PROTECTED]

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




[Zope] Re: user contributions to Zope.org (Mangled text)

2000-06-09 Thread Hung Jung Lu

Not to be picky, Ken, but since you are from Digicool... could you take a 
look at your own message at:

http://www.egroups.com/message/zope/33350?start=33322

(I checked both IE and Netscape, from PC.)

Lately there have been quite a few mangled messages at egroups. Could you 
find out what went wrong and let people know how to prevent this kind of 
mangling? I have heard people saying repeatedly that please do not use 
HTML-format e-mail messages, did you use HTML format? Or is it related to a 
particular mail software that you use?

regards,

Hung Jung


Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] Problems with SybaseDA

2000-06-09 Thread Bill Anderson

 A J Wilson wrote:
 
 I have experimented some more and I think I have isolated the problem
 by importing the module into python and playing with the code that
 uses it (eg db.py and DA.py).
 
 Firstly I found that I had to change some of the environment variables
 in the Makefile.pre.in to point to where Makdrake 7 stores python (ie
 /usr rather than /usr/local). Then I made sure that SYBASE and
 LD_LIBRARY_PATH were set in my shell before compiling the code.
 
 Next I imported sy_occ into python and started playing it (I made sure
 SYBASE and LD_LIBRARY_PATH were set correctly by inspecting
 os.environ). I found that in db.py there is a line of code
 "_context=sy_occ.cs_ctx_alloc()" which when called causes a
 segmentation fault and a core dump.  When this line is commented out
 Zope can start successfully and thinks that the SybaseDA is correctly
 installed but obviously it doesn't actually work.
 
 I am using Jeff Rush's rpm version of Zope and have set SYBASE and
 LD_LIBRARY_PATH through .bashrc in user zope's home directory.  Does
 this sound like the right way to do it?

I put it in the zope startup script, myself. I also put it in the
Zope.cgi fle just to be sure. Remember that unless otherwise told to,
Zope runs as nobody.

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] logout

2000-06-09 Thread Michel Pelletier



James Cummings wrote:
 
 Ok, since I haven't found this by searching the site or the mailing list
 archive, is it possible to logout as superuser? I would like to be able to
 login as a different user, but I haven't been able to find out how to do this.

This question comes up every now and then and the answer is Yes, and
No.  To logout, close your browser.

You might think that sucks but there is nothing Zope can do about it,
HTTP is a stateless protocol, you are never really 'logged in', but
rather your browser caches your authentication information and provides
it to Zope for *every* request to a protected resource.  There are a
couple of things you can do:

dtml-raise Unauthorized
/dtml-raise

Will cause your browser to pop up a new login box, here you can either
re-login as someone else or hit 'Cancel' and your browser *should* clear
it's authentication cache.

An alternative is that you can engineer a cookie based solution.

-- 

-Michel Pelletier

http://www.zope.org/Members/michel/MyWiki

Visit WikiCentral for the latest Zen:

http://www.zope.org/Members/WikiCentral

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )