date:20060208

Log message for revision 41574:
  Fix missing import :-S

Changed:
  U   Zope/branches/Zope-2_8-branch/lib/python/Zope2/App/startup.py

-=-
Modified: Zope/branches/Zope-2_8-branch/lib/python/Zope2/App/startup.py
===
--- Zope/branches/Zope-2_8-branch/lib/python/Zope2/App/startup.py   
2006-02-07 15:29:16 UTC (rev 41573)
+++ Zope/branches/Zope-2_8-branch/lib/python/Zope2/App/startup.py   
2006-02-08 10:51:24 UTC (rev 41574)
@@ -280,9 +280,10 @@
 except AttributeError:
 # Most likely some product forgot to call __of__()
 # on the user object.
-LOG('AccessControl', WARNING,
-'A user object of type %s has no aq_parent.'
-% str(type(auth_user)))
+ac_logger.warning(
+'A user object of type %s has no aq_parent.',
+type(auth_user)
+)
 auth_path = request_get('AUTHENTICATION_PATH')
 else:
 auth_path = '/'.join(auth_folder.getPhysicalPath()[1:-1])

___
Zope-Checkins maillist  -  Zope-Checkins@zope.org
http://mail.zope.org/mailman/listinfo/zope-checkins

[Zope-Checkins] SVN: Zope/branches/2.9/lib/python/Zope2/App/startup.py Fix missing import.

Log message for revision 41575:
  Fix missing import.

Changed:
  U   Zope/branches/2.9/lib/python/Zope2/App/startup.py

-=-
Modified: Zope/branches/2.9/lib/python/Zope2/App/startup.py
===
--- Zope/branches/2.9/lib/python/Zope2/App/startup.py   2006-02-08 10:51:24 UTC 
(rev 41574)
+++ Zope/branches/2.9/lib/python/Zope2/App/startup.py   2006-02-08 10:53:48 UTC 
(rev 41575)
@@ -287,9 +287,10 @@
 except AttributeError:
 # Most likely some product forgot to call __of__()
 # on the user object.
-LOG('AccessControl', WARNING,
-'A user object of type %s has no aq_parent.'
-% str(type(auth_user)))
+ac_logger.warning(
+'A user object of type %s has no aq_parent.',
+type(auth_user)
+)
 auth_path = request_get('AUTHENTICATION_PATH')
 else:
 auth_path = '/'.join(auth_folder.getPhysicalPath()[1:-1])

___
Zope-Checkins maillist  -  Zope-Checkins@zope.org
http://mail.zope.org/mailman/listinfo/zope-checkins

[Zope-Checkins] SVN: Zope/trunk/lib/python/Zope2/App/startup.py Fix missing import :-S

Log message for revision 41576:
  Fix missing import :-S

Changed:
  U   Zope/trunk/lib/python/Zope2/App/startup.py

-=-
Modified: Zope/trunk/lib/python/Zope2/App/startup.py
===
--- Zope/trunk/lib/python/Zope2/App/startup.py  2006-02-08 10:53:48 UTC (rev 
41575)
+++ Zope/trunk/lib/python/Zope2/App/startup.py  2006-02-08 10:55:20 UTC (rev 
41576)
@@ -285,9 +285,10 @@
 except AttributeError:
 # Most likely some product forgot to call __of__()
 # on the user object.
-LOG('AccessControl', WARNING,
-'A user object of type %s has no aq_parent.'
-% str(type(auth_user)))
+ac_logger.warning(
+'A user object of type %s has no aq_parent.',
+type(auth_user)
+)
 auth_path = request_get('AUTHENTICATION_PATH')
 else:
 auth_path = '/'.join(auth_folder.getPhysicalPath()[1:-1])

___
Zope-Checkins maillist  -  Zope-Checkins@zope.org
http://mail.zope.org/mailman/listinfo/zope-checkins

[Zope-Checkins] SVN: Zope/branches/Zope-2_8-branch/lib/python/OFS/Application.py Fix : transaction().abort() - transaction.abort()

2006-02-08 Thread Julien Anguenot

Log message for revision 41579:
  Fix : transaction().abort() - transaction.abort()

Changed:
  U   Zope/branches/Zope-2_8-branch/lib/python/OFS/Application.py

-=-
Modified: Zope/branches/Zope-2_8-branch/lib/python/OFS/Application.py
===
--- Zope/branches/Zope-2_8-branch/lib/python/OFS/Application.py 2006-02-08 
15:43:05 UTC (rev 41578)
+++ Zope/branches/Zope-2_8-branch/lib/python/OFS/Application.py 2006-02-08 
15:45:05 UTC (rev 41579)
@@ -841,7 +841,7 @@
 list(Folder.Folder.__ac_permissions__)+new_permissions)
 
 if not doInstall():
-transaction().abort()
+transaction.abort()
 else:
 transaction.get().note('Installed product '+product_name)
 transaction.commit()

___
Zope-Checkins maillist  -  Zope-Checkins@zope.org
http://mail.zope.org/mailman/listinfo/zope-checkins

Re: [Zope-dev] No more access to username

2006-02-08 Thread Beat Rubischon

Hello!

Am 3.2.2006 14:10 Uhr schrieb Beat Rubischon unter [EMAIL PROTECTED]:

 Until Zope 2.8.3 it was possible to access to the name of the logged in
 user also in a public accessible method.

 This no longer works in Zope 2.8.5 (2.8.4 is untested) and Zope 2.9.0.

Finally, I found the bug: Zope is OK, it was my browser session which seemed
to be screwed up *shame*

I restarted Zope several times, installed alternate versions - but I never
restarted my Firefox nor I tried a different browser or a different client.
Yesterday I tried to reconstruct the bug on my office PC and everything went
OK.

Sorry for the disruption!

Beat

-- 
 \|/   Beat Rubischon [EMAIL PROTECTED]
   ( 0^0 ) http://www.0x1b.ch/~beat/
oOO--(_)--OOo---
Meine Erlebnisse, Gedanken und Traeume: http://www.0x1b.ch/blog/


___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

[Zope-dev] buildbot failure in Zope trunk 2.4 Windows 2000 zc-bbwin6

2006-02-08 Thread buildbot

The Buildbot has detected a failed build of Zope trunk 2.4 Windows 2000 
zc-bbwin6.

Buildbot URL: http://buildbot.zope.org/

Build Reason: changes
Build Source Stamp: 3023
Blamelist: 
anguenot,chrisw,dobe,efge,flindner,hdima,jim,mkashkin,oestermeier,poster,rocky,shane,srichter,tseaver,yuppie

BUILD FAILED: failed failed slave lost

sincerely,
 -The Buildbot

___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

[Zope-dev] how to run zope 2.9 testrunner ?

2006-02-08 Thread Simon Michael


Hi all,

I would appreciate it if someone would post a transcript of running 
product tests with the Zope 2.9 testrunner.


Thanks
-Simon

___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope )

[Zope-dev] Re: how to run zope 2.9 testrunner ?

2006-02-08 Thread Tres Seaver

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Simon Michael wrote:

 I would appreciate it if someone would post a transcript of running
 product tests with the Zope 2.9 testrunner.


- From an instance home:

 $ cd projects/CMF/cmf_test/z29_cmfhead/
 $ bin/zopectl test -m Products.CMFCore
 Running tests via:
/home/tseaver/projects/Zope-CVS/Zope-2_9-branch/../bin/python2.4
/home/tseaver/projects/Zope-CVS/Zope-2_9-branch/test.py -v --config-file
/home/tseaver/projects/CMF/cmf_test/z29_cmfhead/etc/zope.conf -m
Products.CMFCore
 Parsing /home/tseaver/projects/CMF/cmf_test/z29_cmfhead/etc/zope.conf
 Running tests at level 1
/home/tseaver/projects/Zope-CVS/Zope-2_9-branch/lib/python/OFS/Application.py:598:
DeprecationWarning: The zLOG package is deprecated and will be removed
in Zope 2.11. Use the Python logging module instead.
  ('New disk product detected, determining if we need '
 Running unit tests:
   Running:
..
..

etc.  Without the '-m Products.CMFCore', it would run tests for all
products in the instance home.

Tres.
- --
===
Tres Seaver  +1 202-558-7113  [EMAIL PROTECTED]
Palladion Software   Excellence by Designhttp://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFD6n7i+gerLs4ltQ4RAlTKAKCE1BzRINmBHAK3Ku0vjFKFCi0KwACeIepj
dA2vDx2buar0VXWN+Y0sM+Y=
=s04l
-END PGP SIGNATURE-

___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

[Zope-dev] Re: how to run zope 2.9 testrunner ?

2006-02-08 Thread Simon Michael


Thanks.. that doesn't work for me, ideas anyone ?

/zope2$ bin/zopectl test
/zope2.9/lib/python/App/ImageFile.py:21: DeprecationWarning: Using 
OFS.content_types is deprecated (will be re\moved in Zope 2.11). Instead 
use zope.app.contenttypes.

  from OFS.content_types import guess_content_type
Traceback (most recent call last):
  File /zope2.9/lib/python/Zope2/Startup/zopectl.py, line 316, in ?
main()
  File /zope2.9/lib/python/Zope2/Startup/zopectl.py, line 277, in main
c.onecmd( .join(options.args))
  File /usr/lib/python2.3/cmd.py, line 210, in onecmd
return func(arg)
  File /zope2.9/lib/python/Zope2/Startup/zopectl.py, line 243, in do_test
assert os.path.exists(script)
AssertionError
/zope2$ echo $PYTHONPATH
/zope2:/zope2.9/lib/python
/zope2$

___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope )

[Zope-dev] Re: how to run zope 2.9 testrunner ?

2006-02-08 Thread Simon Michael

I got it working by copying $ZOPE_SRC/test.py to $SOFTWARE_HOME/bin. 
make install doesn't do this - it seems 
http://www.zope.org/Collectors/Zope/1989 was overlooked.


Your example got me there, thanks a lot.


___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope )

Re: [ZWeb] zope web status report 2006-02-06

2006-02-08 Thread Martin Aspeli


Hi Martijn,

* are we going to target Zope 3 only with this site, or Zope 2 as well?  
I wrote text to cover both, as Zope 2 is currently the breadwinner of  
most of us. I think we can get enthusiasm more easily for Zope 3  
however; nobody is going to write Zope 2 tutorials. What do we do?


I would say, let's not bite off more than we can chew. Getting a punch  
web-site is not easy. The hard part is reducing the amount of content, not  
creating it. I'd say focus on Zope 3 for now - it's what we want to  
promote as the next big thing, it's what realistically holds a candle to  
e.g. Rails and it's more pythonic in the sense that the rest of the  
python world may take more of an interest in it.


* we need to answer the question whether we want a famous  
low-amounts-of-minutes how do you build app Foo in Zope 3 screencast.  
If so, someone will need to design it.


I think Paul Everitt has done some screen casts before. You should talk to  
him about his experiences and what software he uses.


* are we going to do a newsletter or not? I worry about having it be up  
to date, but if we get some volunteers I'm not against it. If this turns  
out to be hard, then we'd better focus on the website, not a newsletter,  
as this gives us far more marketing pay-off. (zope.org is currently  
anti-marketing zope)


Who subscribes to a newsletter? :-)

Again, let's do the big-wins first. Newsletters can be added if the  
traffic and volunteers warrant it.



Volunteers
--

* we need inspired writers to improve the texts and organize it further.  
We need a good marketing message.


I don't think I'm far enough into zope 3 to come up with much of this, but  
I'm quite good with reviewing text and making sure it's clear, concise and  
punchy. I'd certainly like to help with that.


* we need screencasts! Besides the how to make a CMS in 5 minutes  
screencast mentioned above, we can build tutorials on how to set up  
things, install things, make first steps.


Yep. Paul may be able to offer some advice (or even help) here.

* we need start collecting Zope 3 documentation we can put online. We  
need to mine what's there online right now, approach the creators with a  
proposal for a new home (we could even have a mockup of it all in the  
grand new design, see next point), and process the documents so we can

include it.


I would caution against throwing everything in there that is vaguely good.  
Quality must be the first priority, and seriously - no wikis. This would  
need review and control, not the potential to grow into another zope.org.  
Existing documents would probably need to be reformatted for style and  
layout, and we'd have to think carefully about providing a good picture.


I actually quite like the Django tutorial  
(http://www.djangoproject.com/documentation/tutorial1) because it's easy  
to follow, bite-sized, and I could get a pretty good idea of how it works  
by skimming the code + screenhots and skipping most of the text.


As a visitor, I need to have a single place to start, and a clear path  
through the information, not just a dump of information that I have to  
wade through myself. And most importantly, all the documentation (and I  
mean all of it) needs to be consistent, not only in style and message, but  
in the development patterns presented. I know zope 3 is powerful and  
great, but don't throw every combination out there all at once. People who  
want to invest in the framework will have plenty of time to discover all  
that. What we need to do is make it feasible for them to take that plunge.


* does anyone know a good web designer who can design a solid looking,  
serious, but still exciting website for zope?


We need one. Coders make poor visual designers. :)

Who is volunteering for some of this? I'm going to help out with the  
writing and will try to keep up my general nagging so we can push this  
forward, but we need more people.


I'd like to be nagged, more than anything. Kick me enough times, and I'll  
help :)



It's been very quiet on this list lately, and we need more noise. :)


/me shouts a little

Martin


--
(muted)

___
Zope-web maillist  -  Zope-web@zope.org
http://mail.zope.org/mailman/listinfo/zope-web

Re: [Zope] Re: htaccess with zope/plone ?

2006-02-08 Thread Jens Vagelpohl



On 7 Feb 2006, at 23:58, michael nt milne wrote:

Also, just to say that I did a test on only letting authenticated  
and managers view the root page of the site over ssl. If you just  
cancelled the login box or closed it, the whole front page was  
displayed without any css but you could still get all the content.  
I've had this quite a bit before so that's why I'm looking into  
Apache authentication. I just don't think that Zope authentication  
is secure.


As someone else has already mentioned, there is zero difference when  
it comes to how secure the login procedure is. It doesn't matter  
how you set up authentication if you haven't applied the proper  
permission settings in Zope to prevent showing that front page  
content you mentioned earlier. You need to get a better idea how to  
use the built-in Zope security mechanisms to achieve the security  
settings you would like to see.


Using both Apache and Zope authentication will bring mostly pain.  
Your strategy is wrong. Get a better understanding of what Zope can  
do in that regard and then decide.


jens

___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] Re: htaccess with zope/plone ?

ok, I've gone into the security tab in the site root and set 'view' to 'authenticated' whilst de-selecting aquire. However, using the password that gets me into the overall 8080/manage doesn't work. Also the front page still comes up if you cancel the login box and the page displays without css. This shouldn't happen with view set to authenticated.
On 2/8/06, Jens Vagelpohl [EMAIL PROTECTED] wrote:
On 7 Feb 2006, at 23:58, michael nt milne wrote: Also, just to say that I did a test on only letting authenticated and managers view the root page of the site over ssl. If you just cancelled the login box or closed it, the whole front page was
displayed without any css but you could still get all the content. I've had this quite a bit before so that's why I'm looking into Apache authentication. I just don't think that Zope authentication
is secure.As someone else has already mentioned, there is zero difference whenit comes to how secure the login procedure is. It doesn't matterhow you set up authentication if you haven't applied the proper
permission settings in Zope to prevent showing that front pagecontent you mentioned earlier. You need to get a better idea how touse the built-in Zope security mechanisms to achieve the securitysettings you would like to see.
Using both Apache and Zope authentication will bring mostly pain.Your strategy is wrong. Get a better understanding of what Zope cando in that regard and then decide.jens___
Zope maillist-Zope@zope.orghttp://mail.zope.org/mailman/listinfo/zope** No cross posts or HTML encoding!**
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev
)-- Michael
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] ExtFile - wrong file extension and content_type

2006-02-08 Thread Martijn Pieters

On 2/7/06, Michael Vartanyan [EMAIL PROTECTED] wrote:
 well. I would really like to know what does this b/w mean in this
 context? Not blackwhite for sure :-)

I'd guess at 'backward compatibility'.

--
Martijn Pieters
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

[Zope] proxy roles on Product methods

2006-02-08 Thread Palermo, Tom




Hi All,

Is it possible to set proxy 
roles on methods located in Zope Products. I need to turn the View permission 
off on some folders so certain users can't see them in a sitemap (uses 
dtml-tree). However, I've got an edit_html method located in a Zope product that 
then needs to use stuffin one of the folders that has"View" set to 
off for that user (who's running edit_html).

Thanks,
Tom
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

[Zope] Startup error with Formulator

2006-02-08 Thread Dennis Allison

Zope 2.8.4
Python 2.4.2

Startup error with Formulator.  What's missing or broken?

Out of the box:

2006-02-08T01:51:58 ERROR Zope Couldn't install Five
Traceback (most recent call last):
  File /usr/local/src/zope/Zope2.8/lib/python/OFS/Application.py, line 
773, in install_product
initmethod(context)
  File /usr/local/src/zope/Zope2.8/lib/python/Products/Five/__init__.py, 
line 29, in initialize
zcml.load_site()
  File /usr/local/src/zope/Zope2.8/lib/python/Products/Five/zcml.py, 
line 45, in load_site
_context = xmlconfig.file(file)
  File 
/usr/local/src/zope/Zope2.8/lib/python/zope/configuration/xmlconfig.py, 
line 439, in file
include(context, name, package)
  File 
/usr/local/src/zope/Zope2.8/lib/python/zope/configuration/xmlconfig.py, 
line 375, in include
processxmlfile(f, context)
  File 
/usr/local/src/zope/Zope2.8/lib/python/zope/configuration/xmlconfig.py, 
line 245, in processxmlfile
parser.parse(src)
  File 
/usr/local/lib/python2.4/site-packages/_xmlplus/sax/expatreader.py, line 
109, in parse
xmlreader.IncrementalParser.parse(self, source)
  File /usr/local/lib/python2.4/site-packages/_xmlplus/sax/xmlreader.py, 
line 123, in parse
self.feed(buffer)
  File 
/usr/local/lib/python2.4/site-packages/_xmlplus/sax/expatreader.py, line 
216, in feed
self._parser.Parse(data, isFinal)
  File 
/usr/local/lib/python2.4/site-packages/_xmlplus/sax/expatreader.py, line 
364, in end_element_ns
self._cont_handler.endElementNS(pair, None)
  File 
/usr/local/src/zope/Zope2.8/lib/python/zope/configuration/xmlconfig.py, 
line 225, in endElementNS
self.context.end()
  File 
/usr/local/src/zope/Zope2.8/lib/python/zope/configuration/config.py, 
line 518, in end
self.stack.pop().finish()
  File 
/usr/local/src/zope/Zope2.8/lib/python/zope/configuration/config.py, 
line 665, in finish
actions = self.handler(context, **args)
  File 
/usr/local/src/zope/Zope2.8/lib/python/Products/Five/fiveconfigure.py, 
line 56, in loadProducts
xmlconfig.include(_context, zcml, package=product)
  File 
/usr/local/src/zope/Zope2.8/lib/python/zope/configuration/xmlconfig.py, 
line 375, in include
processxmlfile(f, context)
  File 
/usr/local/src/zope/Zope2.8/lib/python/zope/configuration/xmlconfig.py, 
line 245, in processxmlfile
parser.parse(src)
  File 
/usr/local/lib/python2.4/site-packages/_xmlplus/sax/expatreader.py, line 
109, in parse
xmlreader.IncrementalParser.parse(self, source)
  File /usr/local/lib/python2.4/site-packages/_xmlplus/sax/xmlreader.py, 
line 123, in parse
self.feed(buffer)
  File 
/usr/local/lib/python2.4/site-packages/_xmlplus/sax/expatreader.py, line 
216, in feed
self._parser.Parse(data, isFinal)
  File 
/usr/local/lib/python2.4/site-packages/_xmlplus/sax/expatreader.py, line 
353, in start_element_ns
AttributesNSImpl(newattrs, qnames))
  File 
/usr/local/src/zope/Zope2.8/lib/python/zope/configuration/xmlconfig.py, 
line 206, in startElementNS
self.context.begin(name, data, info)
  File 
/usr/local/src/zope/Zope2.8/lib/python/zope/configuration/config.py, 
line 515, in begin
self.stack.append(self.stack[-1].contained(__name, __data, __info))
  File 
/usr/local/src/zope/Zope2.8/lib/python/zope/configuration/config.py, 
line 815, in contained
return RootStackItem.contained(self, name, data, info)
  File 
/usr/local/src/zope/Zope2.8/lib/python/zope/configuration/config.py, 
line 683, in contained
factory = self.context.factory(self.context, name)
  File 
/usr/local/src/zope/Zope2.8/lib/python/zope/configuration/config.py, 
line 461, in factory
raise ConfigurationError(Unknown directive, ns, n)
ZopeXMLConfigurationError: File 
/usr/local/src/zope/Zope2.8/lib/python/Products/Five/skel/site.zcml, 
line 12.2-12.23
ZopeXMLConfigurationError: File 
/opt/zope/zproducts/standard/Formulator/configure.zcml, line 7.2
ConfigurationError: ('Unknown directive', 
u'http://namespaces.zope.org/i18n', u'registerTranslations')
--


The offending file is:

configure
xmlns=http://namespaces.zope.org/zope;
xmlns:i18n=http://namespaces.zope.org/i18n;


  !-- i18n --
  i18n:registerTranslations directory=i18n /

/configure


-- 

___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

[Zope] major problems placing authentication on an extranet site-security flaw?

HiI have major problems here trying to set-up authentication over a whole Plone site using Zope. Using my superuser account I've navigated to the site root page in the ZMI where it lists all the site pages and objects etc. I've then gone into security, scrolled down to the bottom and for the 'View' option I have tried all combinations of 'Manager', 'Authenticated' and 'Aquire'. It simply won't work. 
I get a pop-up box but the superuser manager pass doesn't work. Then, even with 'authenticated' checked and using a different browser to the one I'm using for the management screen, clicking return on the login box over and over again eventually produces the front page sans CSS. It shouldn't do this and when the extranet is live, if the public were to be able to view it this would be a serious risk. I've set view to authenticated only but it still lets me in.
I find the Zope security, permissions set-up hideously complex and unusable to be honest and it doesn't even seem to work.Very frustrated.-- Michael
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] major problems placing authentication on an extranet site-security flaw?

2006-02-08 Thread Jens Vagelpohl



On 8 Feb 2006, at 16:48, michael nt milne wrote:

I get a pop-up box but the superuser manager pass doesn't work.


If the superuser password is indeed set up correctly then this is a  
fault of the user folder. There are some bad implementations out that  
that do not respect the superuser/emergency user.



Then, even with 'authenticated' checked and using a different  
browser to the one I'm using for the management screen, clicking  
return on the login box over and over again eventually produces the  
front page sans CSS. It shouldn't do this and when the extranet is  
live, if the public were to be able to view it this would be a  
serious risk. I've set view to authenticated only but it still lets  
me in.


I find the Zope security, permissions set-up hideously complex and  
unusable to be honest and it doesn't even seem to work.


I'll be more explicit this time: You don't know enough to make  
blanket statements like this. From your emails it is obvious that you  
don't know much at all about the way Zope security works. You need to  
get a clue about what you're doing first. From the lack of similar  
complaints from the many Zope and Plone users out there and the lack  
of interest (meaning lack of responses to your emails) the only  
logical conclusion is that the fault is on your end.


Since this is a Plone site I would suggest you move this discussion  
to a Plone-related mailing list.


jens

___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] major problems placing authentication on an extranet site-security flaw?

2006-02-08 Thread Andreas Pakulat

On 08.02.06 16:48:08, michael nt milne wrote:
 I have major problems here trying to set-up authentication over a whole
 Plone site using Zope.

Start simple, start up a plain Zope, create a ZPT or DTML and change
it's view right. See what happens.

 I find the Zope security, permissions set-up hideously complex and unusable
 to be honest and it doesn't even seem to work.

Have you read the zope documentation on how security works? Have you
checked what happens when you access the Plone-url behind the scenes?

Andreas

-- 
You seek to shield those you love and you like the role of the provider.
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] proxy roles on Product methods

2006-02-08 Thread Dieter Maurer

Palermo, Tom wrote at 2006-2-8 09:59 -0500:
Is it possible to set proxy roles on methods located in Zope Products.

No, but I posted some time ago (to zope-cmf or plone-users)
code that allows you to set proxy roles on a region in
trusted code. Search for ProxyContext.



-- 
Dieter
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] Zope=ZEO connection

2006-02-08 Thread Dieter Maurer

Dennis Allison wrote at 2006-2-7 18:18 -0800:
 ...
What sort of Zope failure can cause this sort of behavior?  What's the 
best approach to get more information to localize the failure.

A crash presented to Zope as a fatal signal (usually SIGSEGV
or SIGBUS).

Reconfigure your Linux account running Zope to write
core files (ulimit -Sc 10). With a bit of luck
you will get a core file written in case of such crashes.
Look into the core with GDB. Note, that the value 10
might not be big enough to get a complete core file.
GDB may have problems to really understand incomplete ones.


-- 
Dieter
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] major problems placing authentication on an extranet site-security flaw?

2006-02-08 Thread Dieter Maurer

michael nt milne wrote at 2006-2-8 16:48 +:
I have major problems here trying to set-up authentication over a whole
Plone site using Zope. Using my superuser account I've navigated to the site
root page in the ZMI where it lists all the site pages and objects etc. I've
then gone into security, scrolled down to the bottom and for the 'View'
option I have tried all combinations of 'Manager', 'Authenticated' and
'Aquire'. It simply won't work.

You can use VerboseSecurity to analyse difficult authorization
problems.

VerboseSecurity is an integral part of Zope from 2.8 on.
Previously, it has been a separate product.

-- 
Dieter
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

[Zope] Session Variables Redux

2006-02-08 Thread Dennis Allison


Zope 2.9.0
Python 2.4.2

There appears to still be a problem with session variables that does not
appear to be the result of interactions with conflicts nor the result of
unexpected restarts.  It does not appear to be load related.

The problem we see is a sudden disappearance of all, one, or a small 
number of session variables.  In a session varaiable stateful system this 
is an embarassment.   The behavior is a bit like a variable which is 
not identified as persistent, but all read and write accesses go through
a getSessionVariable/setSessionVariable interface:

## Script (Python) getSessionVariable
##bind container=container
##bind context=context
##bind namespace=
##bind script=script
##bind subpath=traverse_subpath
##parameters=varname
##title=
##
request=container.REQUEST
session=request['SESSION']
return session[varname]

## Script (Python) setSessionVariable
##bind container=container
##bind context=context
##bind namespace=
##bind script=script
##bind subpath=traverse_subpath
##parameters=var, val
##title=
##
request = container.REQUEST
session=request['SESSION']
# write only if necessary
if not session.has_key(var) or session[var]!=val:
session[var]=val


Our session lifetimes are long (hours, days) and conflicts are fairly 
frequent.  Hand checking of the logs does not show any obvious correlation 
between session variable loss and conflict.  Moreover, all conflicts are 
resolved.

Does anyone else see this sort of problem?  Any suggestions as to how to 
isolate the problem?  



___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] major problems placing authentication on an extranet site-security flaw?

Thanks for the advice. I'll have another look at the security settings but this is undoubtedly an issue. The superuser password not working is the main one etc. But ultimately my comments on usabiltity should be taken on board because Zope security is overly complex.
On 2/8/06, Dieter Maurer [EMAIL PROTECTED] wrote:
michael nt milne wrote at 2006-2-8 16:48 +:I have major problems here trying to set-up authentication over a wholePlone site using Zope. Using my superuser account I've navigated to the siteroot page in the ZMI where it lists all the site pages and objects etc. I've
then gone into security, scrolled down to the bottom and for the 'View'option I have tried all combinations of 'Manager', 'Authenticated' and'Aquire'. It simply won't work.You can use VerboseSecurity to analyse difficult authorization
problems.VerboseSecurity is an integral part of Zope from 2.8 on.Previously, it has been a separate product.--Dieter-- Michael
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] major problems placing authentication on an extranet site-security flaw?

I've just tried this on a completely different server. I also made sure that 'access contents information' was set to 'manager' and 'authenticated'.The same thing happens. The main password doesn't work and also you still get the main page contents if you keep cancelling or pressing return on the login box.
Complete nightmare. This was the reason I wanted to go with Apache security as it's more robust.MichaelOn 2/8/06, michael nt milne
[EMAIL PROTECTED] wrote:Thanks for the advice. I'll have another look at the security settings but this is undoubtedly an issue. The superuser password not working is the main one etc. But ultimately my comments on usabiltity should be taken on board because Zope security is overly complex.
On 2/8/06, Dieter Maurer
[EMAIL PROTECTED] wrote:
michael nt milne wrote at 2006-2-8 16:48 +:I have major problems here trying to set-up authentication over a wholePlone site using Zope. Using my superuser account I've navigated to the siteroot page in the ZMI where it lists all the site pages and objects etc. I've
then gone into security, scrolled down to the bottom and for the 'View'option I have tried all combinations of 'Manager', 'Authenticated' and'Aquire'. It simply won't work.You can use VerboseSecurity to analyse difficult authorization
problems.VerboseSecurity is an integral part of Zope from 2.8 on.Previously, it has been a separate product.--Dieter--
Michael

-- Michael
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] major problems placing authentication on an extranet site-security flaw?

michael nt milne schrieb:
  Thanks for the advice. I'll have another look at the security settings
 but this is undoubtedly an issue.  The superuser password not working is
 the main one etc. But ultimately my  comments on usabiltity should be
 taken on board because Zope security is overly complex.

Actually its not that hard - and its just fine grained - a very strength
of zope. You can use VerboseSecurity to debug your security issues.

Did you read the chapter about users and security in the zope book?

Regards
Tino
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] major problems placing authentication on an extranet site-security flaw?

Of course I did. Why on earth would you be able to view a front page of a site when it is labelled as 'authenticated' and also as 'manager' ? just by pressing cancel or return a few times. Big security flaw I'm sorry. Also superuser passwords don't work when security is set up and I've tried this on a couple of set-ups. And this is apart from the usability.
On 2/8/06, Tino Wildenhain [EMAIL PROTECTED] wrote:
michael nt milne schrieb:Thanks for the advice. I'll have another look at the security settings but this is undoubtedly an issue.The superuser password not working is the main one etc. But ultimately mycomments on usabiltity should be
 taken on board because Zope security is overly complex.Actually its not that hard - and its just fine grained - a very strengthof zope. You can use VerboseSecurity to debug your security issues.
Did you read the chapter about users and security in the zope book?RegardsTino-- Michael
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] major problems placing authentication on an extranet site-security flaw?

2006-02-08 Thread Andreas Pakulat

On 08.02.06 21:25:33, michael nt milne wrote:
 I've just tried this on a completely different server. I also made sure that
 'access contents information' was set to 'manager' and 'authenticated'.

Wow, you read the zope-book on security, setup a new zope on a server
and checked this in just 10 minutes? Forgive me if I don't believe this.

 The same thing happens. The main password doesn't work and also you still
 get the main page contents if you keep cancelling or pressing return on the
 login box.

So no Plone this time? What does VerboseSecurity tell you? Do you have
to login to get access to the ZMI? Have you tried to allow
non-authenticated access to the ZMI?

 Complete nightmare. This was the reason I wanted to go with Apache security
 as it's more robust.

No it's not, it's not less robust either, at least that's what I
experienced until now.

Andreas

-- 
You can rent this space for only $5 a week.
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] major problems placing authentication on an extranet site-security flaw?

I printed out the section on Zope security quite a while ago and read it. So it's not just in the last ten minutes. I haven't tried verbosesecurity just yet as I haven't had the time. Basically, the security should work without that.
On 2/8/06, Andreas Pakulat [EMAIL PROTECTED] wrote:
On 08.02.06 21:25:33, michael nt milne wrote: I've just tried this on a completely different server. I also made sure that 'access contents information' was set to 'manager' and 'authenticated'.Wow, you read the zope-book on security, setup a new zope on a server
and checked this in just 10 minutes? Forgive me if I don't believe this. The same thing happens. The main password doesn't work and also you still get the main page contents if you keep cancelling or pressing return on the
login box.So no Plone this time? What does VerboseSecurity tell you? Do you haveto login to get access to the ZMI? Have you tried to allownon-authenticated access to the ZMI? Complete nightmare. This was the reason I wanted to go with Apache security
as it's more robust.No it's not, it's not less robust either, at least that's what Iexperienced until now.Andreas--You can rent this space for only $5 a week.___
Zope maillist-Zope@zope.orghttp://mail.zope.org/mailman/listinfo/zope** No cross posts or HTML encoding!**
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev
)-- Michael
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] major problems placing authentication on an extranet site-security flaw?

michael nt milne schrieb:
 Of course I did. Why on earth would you be able to view a front page of
 a site when it is labelled as 'authenticated' and also as 'manager' ?
 just by pressing cancel or return a few times. Big security flaw I'm
 sorry. Also superuser passwords don't work when security is set up and
 I've tried this on a couple of set-ups. And this is apart from the
 usability.

I dont get what you tried... many of us are doing it and it just
works. Much easier as with apache I say. Apropos getting and trying...
could you try to set your mail-client to text only and quote like
all others do? This would make it easier to read what you type :-)

You only remove [ ] Acquire for View and assign it to
Authenticated or better to whatever role your users should belong.

Canceling Authentication requester will not show you contents
but the standard_error_page - unless you have a broken useragent
(e.g. Internetexplorer) with horrible cache settings and did
view the authenticated page before.

Regards
Tino Wildenhain
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] major problems placing authentication on an extranet site-security flaw?

Sorry but this is not my experience and I have experimented. Am using gmail basic setting which I like. On 2/8/06, Tino Wildenhain 
[EMAIL PROTECTED] wrote:michael nt milne schrieb: Of course I did. Why on earth would you be able to view a front page of
 a site when it is labelled as 'authenticated' and also as 'manager' ? just by pressing cancel or return a few times. Big security flaw I'm sorry. Also superuser passwords don't work when security is set up and
 I've tried this on a couple of set-ups. And this is apart from the usability.I dont get what you tried... many of us are doing it and it justworks. Much easier as with apache I say. Apropos getting and trying...
could you try to set your mail-client to text only and quote likeall others do? This would make it easier to read what you type :-)You only remove [ ] Acquire for View and assign it toAuthenticated or better to whatever role your users should belong.
Canceling Authentication requester will not show you contentsbut the standard_error_page - unless you have a broken useragent(e.g. Internetexplorer) with horrible cache settings and didview the authenticated page before.
RegardsTino Wildenhain-- Michael
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] major problems placing authentication on an extranet site-security flaw?

2006-02-08 Thread Mark Barratt


michael nt milne wrote:

I find the Zope security, permissions set-up hideously complex and 
unusable to be honest and it doesn't even seem to work.


Yes. But security is hard on any capable system, with users, groups, 
objects, applications all having security attributes and all those 
things inheriting and interacting in unexpected ways. Netware and 
Windows are the same.


As for 'doesn't even seem to work', that may be true (welcome to Open 
Source!), but you may 'just' be experiencing interactions between Zope 
security (hideously complex, etc) and Plone security (also complex). The 
interactions between these systems are basically beyond ordinary humans 
- or, possibly, just don't work.


It may be most sensible to try to hand off security to another system 
entirely and let Zope/Plone share/inherit it - as your original 
intention. If it's an extranet, can you use the surrounding network's 
system? Pluggable authentication can use Windows or LDAP (or, perhaps, 
other) authentication to provide access to a Zope/Plone, so visitors log 
in to your network rather than to the Zope site, and the Zope/Plone can 
inherit whatever the domain authentication system knows about them.


My other advice is to try not to touch ZMI security screens: if you're 
using Plone you should try to set up the security you need in Plone as 
far as possible. You really don't need Plone and Zope trying to do 
different things at the same time: it's a fragile and complex marriage 
and the partners all too easily end up stalking out of the room.


(this also suggests you might have better luck on the Plone discussion 
lists, eg nntp://gmane.comp.web.zope.plone.user)


best

Mark Barratt
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] major problems placing authentication on an extranet site-security flaw?

michael nt milne schrieb:
 Sorry but this is not my experience and I have experimented. Am using
 gmail basic setting which I like.

Be sure mailinglist people dont like it :-)

Actually it should not bee too hard to
1) create a role, lets call it Guests (in / )
2) create a user: guest (in /acl_folder) with role Guests
3) remove [ ] acquire  for View and if you want Access Contents
Information and make a [x] for Manager and [x] Guests

thats it.

Go with a new browser (closed and reopen if you want)
to / of your site and you will get the standard_error_page
with Unauthorized if you cancel the login box.

You can customize standard_error_page if you want.

How can this be easier with Apache? I'd like to see :-)

(Yes, I know Apache quite good)

Regards
Tino
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] major problems placing authentication on an extranet site-security flaw?

Mark Barratt schrieb:
 michael nt milne wrote:
 
...
 My other advice is to try not to touch ZMI security screens: if you're
 using Plone you should try to set up the security you need in Plone as

Ah yes, things are a bit different when plone comes in. Then Plone
documentation should be consulted, of course.

Regards
Tino
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] major problems placing authentication on an extranet site-security flaw?

2006-02-08 Thread Andreas Pakulat

On 08.02.06 21:38:26, michael nt milne wrote:
 Of course I did. Why on earth would you be able to view a front page of a
 site when it is labelled as 'authenticated' and also as 'manager' ? just by
 pressing cancel or return a few times.

I just checked that with a plain Zope's index_html. I cannot view
localhost:8080/ when I change the security setting of index_html to
allow View only for authenticated. However I can view it when I
authenticate with the initial user information.

Now the same thing with a plone site, removed the view-right from
front_page I get a screen telling me to authenticate. Not the box
because Plone normally uses cookie-auth, you should be able to change
that in the UserFolder. If I use the initial-user with the
cookie-based-form I can see the plone site.

Then I removed the View right from the plone-site-object for anonymous
and when I access localhost:8080/p1 I get the Basic-HTTP-Login Box,
giving it the initial-user-info it lets me view the front_page. 

 Big security flaw I'm sorry.

I wonder why you are the only one experiencing this... Maybe because the
error is on your side (or sits in front of your monitor)? And not Zope.

 Also
 superuser passwords don't work when security is set up and I've tried this
 on a couple of set-ups. And this is apart from the usability.

What do you mean with superuser? There is no superuser, you have an
initial user but that's not a user you'd normally use to login. You add
new Users in the user-folder.

And what usability problem are you now talking about?

Andreas

-- 
Reply hazy, ask again later.
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

[Zope] Re: htaccess with zope/plone ?


michael nt milne wrote:

Sorry but there's alot of Apache knowledge here and it's completely
relevant. 


No it isn't, if you want to use Apache auth, go ask on an Apache forum.
You don't, but you think you do, and you won't listen to anyone, which 
is annoying in its own right...


Also Zope doesn't do SSL well 


Zope doesn't do SSL at all, there's no point. Secure transport and 
authentication have little to do with each other...



and all password - login is
basically insecure! 


Not if it's over SSL...


I've found out that  I'm best using httpd.conf and
not htaccess . Also irc.freenode is unusable.


Oh don't be so rediculous...

Chris

--
Simplistix - Content Management, Zope  Python Consulting
   - http://www.simplistix.co.uk

___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )

[Zope] Re: htaccess with zope/plone ?


michael nt milne wrote:

Also I'm implementing an extranet solution where extra security is
required-so therefore an apache login and a further plone login for
editing the site.


I commented to someone asking similar questions about them being stupid, 
lazy or both. I don't think you're lazy ;-)


Chris

--
Simplistix - Content Management, Zope  Python Consulting
   - http://www.simplistix.co.uk

___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )

[Zope] Re: htaccess with zope/plone ?


michael nt milne wrote:

Also, just to say that I did a test on only letting authenticated and
managers view the root page of the site over ssl.


How?


If you just cancelled the
login box or closed it, the whole front page was displayed without any css
but you could still get all the content.


Well, then you didn't set permissions correctly...


I've had this quite a bit before so
that's why I'm looking into Apache authentication. I just don't think that
Zope authentication is secure.


You just don't think, or research, which is more your problem...

cheers,

Chris

--
Simplistix - Content Management, Zope  Python Consulting
   - http://www.simplistix.co.uk

___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] Re: htaccess with zope/plone ?


michael nt milne wrote:

But if you've got Apache ssl as well then it's more secure.


Yes, SSL is a transport encryption method, not an authentication method...


The problem I've found is that you can't put this in the httpd.conf unless
it is wrapped in a Directory/Directory directive

AuthType Basic
AuthName Members Only
AuthUserFile /path/to/.htpasswd
require valid-user


This is an Apache question, take it elsewhere!

Chris

--
Simplistix - Content Management, Zope  Python Consulting
   - http://www.simplistix.co.uk

___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] Re: htaccess with zope/plone ?


michael nt milne wrote:

ok, I've gone into the security tab in the site root and set 'view' to
'authenticated' whilst de-selecting aquire. 


Yay!


However, using the password that
gets me into the overall 8080/manage doesn't work.


Huh? Can you provide any less information, or maybe make it a bit 
vaguer? ;-)



 Also the front page still
comes up if you cancel the login box and the page displays without css. 


Then you still haven't sorted your permissions properly...


This
shouldn't happen with view set to authenticated.


Then _you're_ doing something wrong, 'cos it works just fine for the 
rest of us...


Chris

--
Simplistix - Content Management, Zope  Python Consulting
   - http://www.simplistix.co.uk

___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] major problems placing authentication on an extranet site-security flaw?


michael nt milne wrote:

I have major problems here trying to set-up authentication over a whole
Plone site using Zope. Using my superuser account I've navigated to the site
root page in the ZMI where it lists all the site pages and objects etc. I've
then gone into security, scrolled down to the bottom and for the 'View'
option I have tried all combinations of 'Manager', 'Authenticated' and
'Aquire'. It simply won't work.


You're simply doing it wrong then ;-)


I get a pop-up box but the superuser manager pass doesn't work.


What does it say when you hit cancel? have you tried enabling verbose 
security in zope.conf?



I find the Zope security, permissions set-up hideously complex and unusable
to be honest and it doesn't even seem to work.


Then for gods sake stop trying to use Zope and go find some toy system 
you do understand!



Very frustrated.


So are we, quit bugging us until you've learned a bit more about how 
things work, started with something simple, or just plain raised your IQ 
a little ;-)


Chris

--
Simplistix - Content Management, Zope  Python Consulting
   - http://www.simplistix.co.uk

___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] proxy roles on Product methods


Palermo, Tom wrote:
Is it possible to set proxy roles on methods located in Zope Products. 


Not really, why do you think you need to?


see them in a sitemap (uses dtml-tree). However, I've got an edit_html
method located in a Zope product that then needs to use stuff in one of the
folders that has View set to off for that user (who's running edit_html).


If the code is in a disk-based class method, security won't be coming 
into play.


What errors are you seeing?
(if you get an auth box, consider hitting cancel or enabling verbose 
security in zope.conf, restarting and trying again)


cheers,

Chris

--
Simplistix - Content Management, Zope  Python Consulting
   - http://www.simplistix.co.uk

___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] Zope=ZEO connection


Dennis Allison wrote:
2006-02-06T14:07:20 INFO ZPublisher.Conflict ConflictError at 
some path: 
database conflict error (oid 0x086e, class BTrees._OOBTree.OOBTree, serial 
this txn started with 0x03633ca95f75e900 2006-02-06 22:01:22.373575, 
serial currently committed 0x03633caf59114244 2006-02-06 22:07:20.875176) 
(463 conflicts (0 unresolved) since startup at Mon Feb  6 08:21:26 2006)


Well, at least the new conflict error logging stuff works :-)


--
2006-02-06T14:09:09 INFO ZServer HTTP server started at Mon Feb  6 
14:09:09 2006

Hostname: x-harper
Port: 8081

which also triggers a connection drop and restarBt of ZEO.


Odd... not seen this at all, what OS you running on?

cheers,

Chris

--
Simplistix - Content Management, Zope  Python Consulting
   - http://www.simplistix.co.uk

___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] major problems placing authentication on an extranet site-security flaw?

Look I'm having genuine issues here and to be honest there's no need to become personally insulting. I've just set-up Plone on an Windows server with SSL Apache and multiple virtual hosts so don't take kindly to a few of these remarks. The last piece of my jigsaw is authenication which is becoming an issue.
On 2/8/06, Chris Withers [EMAIL PROTECTED] wrote:
michael nt milne wrote: I have major problems here trying to set-up authentication over a whole Plone site using Zope. Using my superuser account I've navigated to the site root page in the ZMI where it lists all the site pages and objects etc. I've
then gone into security, scrolled down to the bottom and for the 'View' option I have tried all combinations of 'Manager', 'Authenticated' and 'Aquire'. It simply won't work.You're simply doing it wrong then ;-)
I get a pop-up box but the superuser manager pass doesn't work.What does it say when you hit cancel? have you tried enabling verbosesecurity in zope.conf? I find the Zope security, permissions set-up hideously complex and unusable
to be honest and it doesn't even seem to work.Then for gods sake stop trying to use Zope and go find some toy systemyou do understand! Very frustrated.So are we, quit bugging us until you've learned a bit more about how
things work, started with something simple, or just plain raised your IQa little ;-)Chris--Simplistix - Content Management, Zope Python Consulting-
http://www.simplistix.co.uk-- Michael
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] Re: htaccess with zope/plone ?