Re: [Zope] medusa question
>Where does medusa look for html files by default? I have regular old html >files that I'd like to make available without fiddling with Zope. Is that >possible? Yes , but through use Medusa as standalone server. Look at http://www.nightmare.com/medusa/index.html Download http://www.nightmare.com/medusa/medusa-src-2601.tar.gz and look at and /docs directory, INSTALL.txt and especially, start_medusa.py. Adam Karpierz [EMAIL PROTECTED] ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] medusa question
Gary Shears wrote: > Slightly off topic, but related. Does this mean that the everything on local > file system is protected natively in zope. Short of things like buffer > overflows. What I mean is, can I somehow muck up security in Zope and > compromise my local system, or will only zope objects be affected? > I'm an absolute newbie to zope, and still trying to get a handle on the > architecture. As long as you don't use products that read and write arbitrary files (such as LocalFS), Zope doesn't provide any way to write to any directory but the "var" subdirectory (or if it does, it shouldn't and will be fixed.) So yes, Zope's architecture does provide decent isolation from the file system. Also keep in mind that Zope does not run as "root", so if you are running on a Unix-like system such as Linux, even if Zope were fully compromised an intruder would still have to find a security hole in something else before it's possible to write to arbitrary files. Shane ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] medusa question
> > have regular old html > > files that I'd like to make available without fiddling with Zope. Is that > > possible? > > Not out of the box. ZServer, which is based on Medusa, doesn't support serving > of HTML files from the local file system, it noly serves content out of Zope > itself. > Slightly off topic, but related. Does this mean that the everything on local file system is protected natively in zope. Short of things like buffer overflows. What I mean is, can I somehow muck up security in Zope and compromise my local system, or will only zope objects be affected? I'm an absolute newbie to zope, and still trying to get a handle on the architecture. Thanks, gary ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] medusa question
On Mon, Jul 03, 2000 at 03:27:04PM -0400, Frank McGeough wrote: > Where does medusa look for html files by default? I have regular old html > files that I'd like to make available without fiddling with Zope. Is that > possible? Not out of the box. ZServer, which is based on Medusa, doesn't support serving of HTML files from the local file system, it noly serves content out of Zope itself. There is a product on Zope.org called LocalFS that allows you to integrate filesystem based content into Zope though. -- Martijn Pieters | Software Engineermailto:[EMAIL PROTECTED] | Digital Creations http://www.digicool.com/ | Creators of Zope http://www.zope.org/ | ZopeStudio: http://www.zope.org/Products/ZopeStudio - ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
