Re: [Zope] medusa question

2000-07-03 Thread Adam Karpierz

>Where does medusa look for html files by default? I have regular old html
>files that I'd like to make available without fiddling with Zope. Is that
>possible?


Yes , but through use Medusa as standalone server.
Look at http://www.nightmare.com/medusa/index.html
Download http://www.nightmare.com/medusa/medusa-src-2601.tar.gz
and look at and /docs directory,  INSTALL.txt and especially, start_medusa.py.

Adam Karpierz
[EMAIL PROTECTED]




___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] medusa question

2000-07-03 Thread Shane Hathaway

Gary Shears wrote:
> Slightly off topic, but related. Does this mean that the everything on local
> file system is protected natively in zope. Short of things like buffer
> overflows. What I mean is, can I somehow muck up security in Zope and
> compromise my local system, or will only zope objects be affected?
>  I'm an absolute newbie to zope, and still trying to get a handle on the
> architecture.

As long as you don't use products that read and write arbitrary files
(such as LocalFS), Zope doesn't provide any way to write to any
directory but the "var" subdirectory (or if it does, it shouldn't and
will be fixed.)  So yes, Zope's architecture does provide decent
isolation from the file system.

Also keep in mind that Zope does not run as "root", so if you are
running on a Unix-like system such as Linux, even if Zope were fully
compromised an intruder would still have to find a security hole in
something else before it's possible to write to arbitrary files.

Shane

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] medusa question

2000-07-03 Thread Gary Shears

> > have regular old html
> > files that I'd like to make available without fiddling with Zope. Is that
> > possible?
> 
> Not out of the box. ZServer, which is based on Medusa, doesn't support serving
> of HTML files from the local file system, it noly serves content out of Zope
> itself.
> 
Slightly off topic, but related. Does this mean that the everything on local
file system is protected natively in zope. Short of things like buffer
overflows. What I mean is, can I somehow muck up security in Zope and
compromise my local system, or will only zope objects be affected?
 I'm an absolute newbie to zope, and still trying to get a handle on the
architecture.

Thanks,

gary

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




Re: [Zope] medusa question

2000-07-03 Thread Martijn Pieters

On Mon, Jul 03, 2000 at 03:27:04PM -0400, Frank McGeough wrote:
> Where does medusa look for html files by default? I have regular old html
> files that I'd like to make available without fiddling with Zope. Is that
> possible?

Not out of the box. ZServer, which is based on Medusa, doesn't support serving
of HTML files from the local file system, it noly serves content out of Zope
itself.

There is a product on Zope.org called LocalFS that allows you to integrate
filesystem based content into Zope though.

-- 
Martijn Pieters
| Software Engineermailto:[EMAIL PROTECTED]
| Digital Creations  http://www.digicool.com/
| Creators of Zope   http://www.zope.org/
| ZopeStudio: http://www.zope.org/Products/ZopeStudio
-

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )