Re: small summary and big plea was:(Re: [Zope-dev] Versions: should they die?)

2003-06-10 Thread Toby Dickenson
On Friday 06 June 2003 21:28, Jamie Heilman wrote: Quick way to add 100 zodb connections and ~90M to the memory footprint with relatively little clue of who is responsible assuming traditional logging; presumeably one would get much trickier if they really wanted to obfuscate the source of

Re: small summary and big plea was:(Re: [Zope-dev] Versions: should they die?)

2003-06-10 Thread Jamie Heilman
Toby Dickenson wrote: ! # Disable nasty insecure version support. Thanks to ! # Jamie Heilman and everyone one zope-dev Unless you're damning me with faint praise for posting an exploit, (which is fine) this issue was found by Oliver, not me. -- Jamie Heilman

[Zope-dev] Buy your Inkjets online xxwq

2003-06-10 Thread 4cheap_ltgm
laihc87 INK JETS LASER TONERS Cables

Re: small summary and big plea was:(Re: [Zope-dev] Versions: should they die?)

2003-06-10 Thread Toby Dickenson
On Tuesday 10 June 2003 09:32, Jamie Heilman wrote: Toby Dickenson wrote: ! # Disable nasty insecure version support. Thanks to ! # Jamie Heilman and everyone one zope-dev Unless you're damning me with faint praise for posting an exploit, (which is fine) No criticism was

Re: small summary and big plea was:(Re: [Zope-dev] Versions: should they die?)

2003-06-10 Thread Jamie Heilman
Toby Dickenson wrote: No criticism was implied public exploits are valuable part of the security process. Its nice to hear not everyone in the industry has lost their mind. /me glances at redmond -- Jamie Heilman http://audible.transient.net/~jamie/ We must be born with

[Zope-dev] Patch disabling versions, was: Re: small summary and big plea

2003-06-10 Thread Clemens Robbenhaar
Hi Toby, I am sorry, but the patch to disable versions does not work for me (using Zope 2.6.1 / Python2.1.3), maybe because of trivial typo: === RCS file: /cvs-repository/Zope/lib/python/ZODB/ZApplication.py,v retrieving

Re: small summary and big plea was:(Re: [Zope-dev] Versions: shouldthey die?)

2003-06-10 Thread Chris Withers
Shane Hathaway wrote: My opinion on this is a little different. It's quite easy for anyone to make mischief on any Zope server that lets people make even minor changes to the site, such as giving feedback, posting a discussion item, etc. All you have to do is include a Zope-Version cookie in

[Zope-dev] Post-authentication hook

2003-06-10 Thread Chris Withers
Dieter Maurer wrote: When we had a post-authentication hook (a hook called by ZPublisher after authentication has been done), then we could check in this hook that the user has the right to enter the version. When did we have one? Where did it go? Such a hook would be extremely

Re: [Zope-dev] RE: DBtab and BDBStorage

2003-06-10 Thread Chris Withers
Andrew R. Halko wrote: Plone/Members/ - BerkleyDB to allow a large number of users a large DB to create whatever they need in their areas I don't see why you're using BDB here. If you have a 4GB Data.fs in another part of your setup, what's the problem with just using a FileStorage for this?

RE: [Zope-dev] RE: DBtab and BDBStorage

2003-06-10 Thread Andrew R. Halko
Well, currently I cannot get python 2.2.3 to work with Plone. I got a first error and was able to fix the problem, but then got another and have not been able to fix it for the life of me. I tried the Plone mailing list for the bug I got after installing python and got nothing. 2.2.3 will

Re: small summary and big plea was:(Re: [Zope-dev] Versions: shouldthey die?)

2003-06-10 Thread Oliver Bleutgen
Chris Withers wrote: Shane Hathaway wrote: My opinion on this is a little different. It's quite easy for anyone to make mischief on any Zope server that lets people make even minor changes to the site, such as giving feedback, posting a discussion item, etc. On the weekend I had the idea

[Zope-dev] what is manage_workspace supposed to do?

2003-06-10 Thread Oliver Bleutgen
I've a problem with a product I'm writing and the way manage_workspace works. There's this code in App/Management.py: def manage_workspace(self, REQUEST): Dispatch to first interface in manage_options options=self.filtered_manage_options(REQUEST) try:

RE: small summary and big plea was:(Re: [Zope-dev] Versions: should they die?)

2003-06-10 Thread Brian Lloyd
FYI - we plan for this to be fixed in 2.6.2, preferably by fixing the version machinery to require the join / leave versions permission (which is assigned only to managers by default. Brian Lloyd[EMAIL PROTECTED] V.P. Engineering 540.361.1716 Zope Corporation http://www.zope.com

Re: small summary and big plea was:(Re: [Zope-dev] Versions: shouldthey die?)

2003-06-10 Thread Shane Hathaway
Brian Lloyd wrote: FYI - we plan for this to be fixed in 2.6.2, preferably by fixing the version machinery to require the join / leave versions permission (which is assigned only to managers by default. It will be interesting to find out how this can be accomplished. To use a version, you have

Re: small summary and big plea was:(Re: [Zope-dev] Versions: shouldthey die?)

2003-06-10 Thread Oliver Bleutgen
Shane Hathaway wrote: Brian Lloyd wrote: FYI - we plan for this to be fixed in 2.6.2, preferably by fixing the version machinery to require the join / leave versions permission (which is assigned only to managers by default. It will be interesting to find out how this can be accomplished. To

Re: small summary and big plea was:(Re: [Zope-dev] Versions: shouldthey die?)

2003-06-10 Thread Lennart Regebro
Shane Hathaway wrote: I really wouldn't mind if we just disabled version support altogether, with a configuration option to re-enable it. Perhaps users would appreciate having less to worry about. I still think this is the best idea. If this is not possible, then at least removing it from the

[Zope-dev] RE: DBtab and BDBStorage

2003-06-10 Thread Andrew R. Halko
Hey Shane, After I converted a Plone folder into its own ZODB, I believe it still has the contents of the old site in it while loading the one folder from the new database. So, I copied data.fs to be files.fs and then deleted in the plone interface, created the mount point and it came back.

[Zope-dev] Image.py:File._upload_data

2003-06-10 Thread Chris Withers
It would appear that _read_data only returns a single Pdata object if you chuck it a large string rather than the linked list of Pdata objects it would if you chucked it a FileUpload instance. Surely it should return a linekd list of Pdata objects in either case?

[Zope-dev] Re: small summary and big plea was:(Re: Versions: should they die?)

2003-06-10 Thread Jim Fulton
Shane Hathaway wrote: Brian Lloyd wrote: FYI - we plan for this to be fixed in 2.6.2, preferably by fixing the version machinery to require the join / leave versions permission (which is assigned only to managers by default. It will be interesting to find out how this can be accomplished. To

[Zope-dev] Re: Post-authentication hook

2003-06-10 Thread Dieter Maurer
Chris Withers wrote at 2003-6-10 13:24 +0100: Dieter Maurer wrote: When we had a post-authentication hook (a hook called by ZPublisher after authentication has been done), then we could check in this hook that the user has the right to enter the version. When did we

Re: small summary and big plea was:(Re: [Zope-dev] Versions: shouldthey die?)

2003-06-10 Thread Dieter Maurer
Shane Hathaway wrote at 2003-6-10 10:15 -0400: Brian Lloyd wrote: FYI - we plan for this to be fixed in 2.6.2, preferably by fixing the version machinery to require the join / leave versions permission (which is assigned only to managers by default. It will be interesting to find

Re: [Zope-dev] what is manage_workspace supposed to do?

2003-06-10 Thread Dieter Maurer
Oliver Bleutgen wrote at 2003-6-10 14:54 +0200: ... (*) if m.find('/'): raise 'Redirect', ( %s/%s % (REQUEST['URL1'], m)) return getattr(self, m)(self, REQUEST) My question is about the marked block. I'd guess that the intent is to send a redirect if m

Re: small summary and big plea was:(Re: [Zope-dev] Versions: shouldthey die?)

2003-06-10 Thread Dieter Maurer
Oliver Bleutgen wrote at 2003-6-6 22:48 +0200: Dieter Maurer wrote: Oliver Bleutgen wrote at 2003-6-6 11:46 +0200: 3. And (minor problem, but whatever), since zope relies completely on the browser to send cookies only the right time (i.e. that the path set for the cookie

Re: small summary and big plea was:(Re: [Zope-dev] Versions: shouldthey die?)

2003-06-10 Thread Dieter Maurer
Oliver Bleutgen wrote at 2003-6-10 16:20 +0200: ... And you have to take acquisition into account folder1 some_object folder2 version2 some_object shouldn't be lockable into version2. Where did you ever read that the effect of versions were in any way restricted in

[Zope-dev] Re: Post-authentication hook

2003-06-10 Thread Evan Simpson
Dieter Maurer wrote: We had discussed the post-authentication hook in connection with role based skin selection but we never had it implemented. I have, and it even fits here in the margin. Shall I pop it into the Collector? 242a243 self._post_traverse = post_traverse = [] 363a365

Re: [Zope-dev] Re: Post-authentication hook

2003-06-10 Thread robert
Please do, I need it for some some extra authentication against a mysql db. Robert Am Dienstag, 10. Juni 2003 20:41 schrieb Evan Simpson: Dieter Maurer wrote: We had discussed the post-authentication hook in connection with role based skin selection but we never had it implemented. I have,

Re: [Zope-dev] Re: Post-authentication hook

2003-06-10 Thread Evan Simpson
robert wrote: Please do Okeydoke: it's Issue #935. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce

Re: small summary and big plea was:(Re: [Zope-dev] Versions: shouldthey die?)

2003-06-10 Thread Oliver Bleutgen
Dieter Maurer wrote: Oliver Bleutgen wrote at 2003-6-10 16:20 +0200: ... And you have to take acquisition into account folder1 some_object folder2 version2 some_object shouldn't be lockable into version2. Where did you ever read that the effect of versions were in any