Re: [Zope-dev] Acquisition wishlist :-)
On Mon, Jan 08, 2001 at 10:38:22PM +0100, Dieter Maurer wrote: Martijn Pieters writes: On Mon, Jan 08, 2001 at 10:10:34AM +, Chris Withers wrote: You wouldn't need to have index_html = None if it is inherited, since the inherited idnex_html would be used before one is acquired, surely? Yup. If you don't want to have any index_html *at all*, just declare it index_html = None. DTML Methods and HiperDom templates do this as well, for example. You have an "index_html" and its value is "None". If you use this class with another class that has a useful "index_html", you must care for the inheritance order to get the right on. Of course, but you always have to. index_html in any class could be anything. You could even override the inherited 'index_html = None' with 'index_html = Acquisition.Acquire'. -- Martijn Pieters | Software Engineer mailto:[EMAIL PROTECTED] | Digital Creations http://www.digicool.com/ | Creators of Zope http://www.zope.org/ - ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] python script
Zope mailing lists wrote: I recently released 'zopectl', a python script ...gak... now is that a 'python script' or a 'Python Script'? ;-) *grinz* Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] index_html = None is bad...
Dieter Maurer wrote: snip example It would be much clearer, when "Item" could declare, it does not want to acquire the methods without providing a definition. Having seen the example, I think you're right :-) cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] When to use Rack , Folders w/Customize, etc.
Hi, Reading up on ZPatterns I'm still confused about some thing's (sometimes more, sometimes less). I wonder: When to use Rack, Folders w/Customize, attribute provider, sheetproviders etc. In which solution do I get ZODB dependens. One important aspect for some of my applications are to be as "virtual" as possible. (I hope this question is clear enough :-) Regards, Johan Carlsson ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] When to use Rack , Folders w/Customize, etc.
Johan Carlsson wrote: Hi, Reading up on ZPatterns I'm still confused about some thing's (sometimes more, sometimes less). I wonder: When to use Rack, Folders w/Customize, attribute provider, sheetproviders etc. In which solution do I get ZODB dependens. Folder w/ Customizer support. When you use this, the DataSkin instances appear in the ZODB, and look like normal ZClass (or whatever) instances. One important aspect for some of my applications are to be as "virtual" as possible. Use Specialists. Specialists contain Racks. Each Rack manages a particular class of objects. You can store objects in the ZODB inside the Rack, or alternamtively, you can get the data from external sources. You can also combine both kinds of data to provide the attributes for a single object. I've just completed a fairly complex ZPatterns project, designed broadly according to Coad / ZPatterns / wisdom from PJE . I used both approaches, and, based on that experience, I suggest you use the Specialists approach unless you have a pressing need to have your dataskin instances "rooted" in the ZODB. In the latter case only, use Folder w/ Customizer support. Other the other hand, if you want to design a "normal" Zope application, but just get the flexibility of using Attribute Providers and Skinscript to coordinate your dataskin instances, then use Folder w/ Customizer support. -- Steve Alexander Software Engineer Cat-Box limited http://www.cat-box.net ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ZCatalog and 'fuzzy logic'
Morten W. Petersen wrote: Is there anyone who could try to give an estimate of how long it would take to add fuzzy logic (regexp-like) searching capability to the ZCatalog? And reasoning as to why would be appreciated. ;) Right now, you could use an External Method to apply a regex match to each unique value in a field index in a Catalog, and return the appropriate Catalog Brains for each match. This is as easy as called uniqueValues() on the catalog, iterating through the unique values to filter them, and then searching the catalog with the results of the filter as the constraint for that fieldindex. This would minutes and hours to implement and test, and would execute in O(number of unique field values) time, for many values of the fieldindex, which should remain acceptably fast where you have a catalog with many items, most of which have fields drawn from the same (small) set. If you want to search a TextIndex using a regex, or you want to search for a pattern among a number of fields of the same item, then you're into an algorithm that would execute in O(number of cataloged items) time. That could get very slow for any sizable catalog. The other option for searching a TextIndex is to use extensions to the NEAR and AND and OR operators that are currently supported. I guess it all depends what you mean by "fuzzy matching". -- Steve Alexander Software Engineer Cat-Box limited http://www.cat-box.net ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ZCatalog and 'fuzzy logic'
Morten W. Petersen writes: Is there anyone who could try to give an estimate of how long it would take to add fuzzy logic (regexp-like) searching capability to the ZCatalog? I do not think that "fuzzy logic" is strongly related to "regexp-like". Anyway. Fuzzy searching often means "finding matches with characters omitted, replaced or inserted". Zope's globbing vocabularies support wildcards '*' and '?'. To implement wildcard based searches efficiently, they index words under their two letter consitutents. When you now get a pattern, you derive from the pattern what two letter constituents the matching words must have and retrieve them. This defines a candidate word set. Then you check, whether the retrieved word really match the expression. You can extend this algorithm to get fuzzy searches. Dieter ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] RE: [Zope] ZDESIGN IDEAS = How to improve 'manage'?
[This thread should not be crossposted to both mailling lists. I'm following up to zope-dev, and will post a note to zope saying i did so. In general, please do *not* cross-post - it's almost never justified, certainly isn't in this case.] On Tue, 9 Jan 2001, Mohan Baro wrote: My view is that as a sysadmin, I rather give ZOPE superuser/manager the ability install products through ZOPE, rather than giving them access to the OS. The point is that giving web-access visitors the ability to install products inherently gives them total OS/filesystem access, with the authority of the account that is running zope. As things stand, you can give out web access *without* this OS/FS exposure - you're talking about eliminating the discretion. Another view I have is that I do not want my developers to think about which platform they are working on. This convenience will be at the cost of risk. If you're willing to take the risk, products that give filesystem and command access will give that to you. (Is local filesystem access what LocalFS does?) Zope shouldn't _force_ you to be exposed to that risk, just because some people want the convenience. ZOPE runs on a variety of OSes and each one of then have their own way of providing file/directory security (or no security win9x). Zope should rely on its own security for its products. ... overriding the discretion of the system administrators? Not proper. System administrators should have the choice - if they don't, they'll refuse to run zope in droves - and well they ought to refuse. Ken Manheimer [EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: [Zope] ZDESIGN IDEAS = How to improve 'manage' ?
On Mon, Jan 08, 2001 at 11:19:36AM -0500, Jason Cunliffe wrote: The need to improve the manage interface has grown urgently clear to me while using Zope myself, designing for all sorts of community and collaborative Zope-based projects, demos for a number of innocent bystanders, interested parties and potential clients. Zope 'manage' is plain primitive at present. Considering the power of Zope, and the real workflow needs of people working with it, imho this present lack of thoughtful user interface makes no sense. By ignoring these basics, Zope is neglecting a #1 self-promotion opportunity - how it runs out of the box, and how quickly one can use it as site-planning/design tool.It is quite unproductive now compared to what it could/should be. I am looking for real help here on how best to improve this... Here is a list of features I believe should be default manage screen behavior now. Please submit your comments and improvements to these improvements: KISS For those who do not want any added features, there should be an option in z2.py or as a manage_config DTML method in "/" or anywhere else in the tree to enable or disable 'advanced manage' features. --- 1. SORT TABLE 'manage' needs to presented with basic column listings so one can display sort by headings. I am not sure if this turns into a CatalogAware Inferno or whether all this info is already hidden in the ZODB and could be extracted adn cached sensibly and quickly. What do you think? For example some headings I see a real need for: NAME [default now], DATE[created, last modified] SIZE, TYPE[meta-type], USER[default=owner], DEPTH, COUNT, CHANGES, PROPERTY, DISPLAY The created date is not available in the ZODB. Depth I rather not use; you don't want to wake up a huge subtree (like the Zope.org Members folder) when determining the depth of a tree. There has been some discussion about using the 'title' attribute of HTML tags to add additional mouse-over visible information to objects, I think a lot of the information fields you describe may have a place in that field (and not clutter up the view). SNIP How easy hard is the above to do? Has it already bee done? What techniques/components exists already to make it happen? What need to be developed? How does this affect Zope core? What woudl you like to see when you click on manage? What would you lceints liek to see? If you check out Zope 2.3 from CVS now, you'll see that a great many changes have been made to the Zope Management Interface, included some of the changes you listed, like sorting. -- Martijn Pieters | Software Engineer mailto:[EMAIL PROTECTED] | Digital Creations http://www.digicool.com/ | Creators of Zope http://www.zope.org/ - ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: [Zope] ZDESIGN IDEAS = How to improve 'manage' ?
On Mon, Jan 08, 2001 at 12:18:37PM -0500, Mohan Baro wrote: Are you planning a manage_install for products? The ability for superusers to install complelte products directly through the management interface, no need for ftp. similar to import/export feature I hope not! Anyone gaining management access to your Zope server will be able to install arbitrary products on your server and gain access to the file system. There is a strict dividing line between the file system and the ZMI, allowing installation through the web interface will cross that line with one giant step. -- Martijn Pieters | Software Engineer mailto:[EMAIL PROTECTED] | Digital Creations http://www.digicool.com/ | Creators of Zope http://www.zope.org/ - ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: [Zope] ZDESIGN IDEAS = How to improve 'manage' ?
- You can work with full SSL-encryption, maybe even client certificates.
This is much more secure than TELNET or FTP. (Unfortunately, SSH/SCP,
while being the "better TELNET/FTP" is not always an option, and it
always opens up more than necessary)
what exactly does SSH open uo 'more than necessary'. Sufficient clue on
admin's side provided?
Of course, "suficient clue on admin's side provided", you are right. But I
don't know too many cases of perfectly secure configurations ...
- People won't hack together their own solutions for the problem (with
LocalFS installed and me having the rights to add LocalFS instances,
it would take me not very long to "infiltrate" any Zope server. Just add
the "Extensions" folder via LocalFS and upload all you need as External
Methods ...)
That requires a few things, if I am not mistaken...
a) ZServer runs as anything but nobody/nogroup and is not
jail(8)ed/chrooted. If that is the case, well, I'd personally shoot
the admin responsible for that if something comes up.
b) ${ZOPEROOT}/Extensions allows nobody to write into it - shoot admin.
Again you are right, but as Zope is really easy to install, I'd guess that it
is not only used (and installed) by "uberadmins" who know exactly what they
are doing ...
Joachim
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: [Zope] ZDESIGN IDEAS = How to improve 'manage' ?
* Joachim Werner sez: Again you are right, but as Zope is really easy to install, I'd guess that it is not only used (and installed) by "uberadmins" who know exactly what they are doing ... Hmmm... coming to think about it. Zope comes with /Extensions as drwxrwxr-x and UID='nobody' in z2.py. Unless the admin modifies the standard setup, he's at least safe from people putting stuff into his /Extensions. You're right at a general level, tho. Hmm, wonder if I should write a Zope-chroot-howto :) Windoze-Zope-Users, on the other hand... well... jonas -- Jonas Luster -- http://smurftarget.net (while netwarriors.org is down) -- [EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] ZCatalog and 'fuzzy logic'
Is there anyone who could try to give an estimate of how long it would take to add fuzzy logic (regexp-like) searching capability to the ZCatalog? And reasoning as to why would be appreciated. ;) -Morten ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: [Zope] ZDESIGN IDEAS = How to improve 'manage' ?
On Tuesday 09 January 2001 15:41, Martijn Pieters wrote: On Mon, Jan 08, 2001 at 12:18:37PM -0500, Mohan Baro wrote: Are you planning a manage_install for products? The ability for superusers to install complelte products directly through the management interface, no need for ftp. similar to import/export feature I hope not! Anyone gaining management access to your Zope server will be able to install arbitrary products on your server and gain access to the file system. There is a strict dividing line between the file system and the ZMI, allowing installation through the web interface will cross that line with one giant step. I think this is a political one. For me, the things that are really valuable on a web site are the data and the user information, which both are available through the web interface. At least if Zope runs as a user and has its own home directory, the additional damage that can be caused by people with file system access is not very high. O.k., they can shut down my server. They can do that by using "manage_shutdown" from the web anyway. Same with deleting all data on the server. IMHO a well-designed "over-the-web" installation concept would make Zope MORE secure, not less e.g.: - You can work with full SSL-encryption, maybe even client certificates. This is much more secure than TELNET or FTP. (Unfortunately, SSH/SCP, while being the "better TELNET/FTP" is not always an option, and it always opens up more than necessary) - People won't hack together their own solutions for the problem (with LocalFS installed and me having the rights to add LocalFS instances, it would take me not very long to "infiltrate" any Zope server. Just add the "Extensions" folder via LocalFS and upload all you need as External Methods ...) Cheers, Joachim. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: [Zope] Re: [Zope-dev] Re: [Zope] ZDESIGN IDEAS = How to improve 'manage' ?
* Joachim Werner sez:
Ok, let me try to understand this one. I am a bit dumb, sorry...
- You can work with full SSL-encryption, maybe even client certificates.
This is much more secure than TELNET or FTP. (Unfortunately, SSH/SCP,
while being the "better TELNET/FTP" is not always an option, and it
always opens up more than necessary)
what exactly does SSH open uo 'more than necessary'. Sufficient clue on
admin's side provided?
- People won't hack together their own solutions for the problem (with
LocalFS installed and me having the rights to add LocalFS instances, it
would take me not very long to "infiltrate" any Zope server. Just add the
"Extensions" folder via LocalFS and upload all you need as External
Methods ...)
That requires a few things, if I am not mistaken...
a) ZServer runs as anything but nobody/nogroup and is not
jail(8)ed/chrooted. If that is the case, well, I'd personally shoot
the admin responsible for that if something comes up.
b) ${ZOPEROOT}/Extensions allows nobody to write into it - shoot admin.
http://www.post1.com/home/ngps is a good way to start securing Zope, the
problem of transmitting passwords in the clear is a big one, but has
been solved at my domains by deploying SecurID-tokens, which might not
be the ultiamte solution (lots of stuff I wanted to hide is still
transmitted in the clear) but is a good start.
jonas
--
Jonas Luster -- http://smurftarget.net (while netwarriors.org is down) --
[EMAIL PROTECTED]
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] RE: [Zope] ZDESIGN IDEAS = How to improve 'manage' ?
My view is that as a sysadmin, I rather give ZOPE superuser/manager the ability install products through ZOPE, rather than giving them access to the OS. Another view I have is that I do not want my developers to think about which platform they are working on. ZOPE runs on a variety of OSes and each one of then have their own way of providing file/directory security (or no security win9x). Zope should rely on its own security for its products. ..IMHO Mohan -Original Message- From: Martijn Pieters [mailto:[EMAIL PROTECTED]]On Behalf Of Martijn Pieters Sent: Tuesday, January 09, 2001 9:42 AM To: Mohan Baro Cc: Jason Cunliffe; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [Zope] ZDESIGN IDEAS = How to improve 'manage' ? On Mon, Jan 08, 2001 at 12:18:37PM -0500, Mohan Baro wrote: Are you planning a manage_install for products? The ability for superusers to install complelte products directly through the management interface, no need for ftp. similar to import/export feature I hope not! Anyone gaining management access to your Zope server will be able to install arbitrary products on your server and gain access to the file system. There is a strict dividing line between the file system and the ZMI, allowing installation through the web interface will cross that line with one giant step. -- Martijn Pieters | Software Engineer mailto:[EMAIL PROTECTED] | Digital Creations http://www.digicool.com/ | Creators of Zope http://www.zope.org/ - ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev ) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] ZPatterns Non-TTW developement
Hi again, 1. Are there any parts of the ZPattern that demands TTW developement? After reading alote of intresting discussions I find that there is alote of talk about ZClasses, but as I understand it they can be Python subclasses of ZPattern base classes as well? 2. If I want to write a default implementation for an application storing data in a SQL database could I just subclass DataPlugins and add my SQL-methods in that class? Cheers, Johan Carlsson ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
