Re: [Zope-dev] Zope logic

2002-05-30 Thread Wei He

On Thu, 30 May 2002, Chris Withers wrote:

  People will be really confused to see such results:
  
  http://www.zope.org/Documentation/ZopeBook/Documentation
  http://www.zope.org/Images
 
 Why would they see such URLs?

Normally they would not. But if I know such a site is managed by Zope, I can
easily find such a URL with dead loops. I don't know how search engines
like Google handle this situation; at least it will cause unnecessary
traffic to the site once a bad guy simply publishes the URL on their
own page.

I'm a little bit new to Zope. I don't yet have a lot of my own objects
created under Zope. But I think there might be some objects like
methods or scripts that are URL-sensitive. It will add lots of
tasks to the script itself to filter off unexpected request URLs to avoid
generating errors that may turn into security holes.

 
  Is there a way to set up an object to be uninheritable or as private to
  avoid this logic? Or maybe we should work out a way to do so.
 
 If you're interested, take a look at Zope 3. However, in your case, you probably
 need to worry more about why you're generating URLs like the ones above rather
 than the fact that it is possible to do so.

Hackers everywhere. :)

Wei He



___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )



Re: [Zope-dev] Zope logic

2002-05-30 Thread Lennart Regebro

From: Wei He [EMAIL PROTECTED]
 An object (say index_html) is inherited by child objects of the site, say
 Document, to make http://www.domain.com/Document share the upper
 level index_html. This sounds good but actually is not, I think.

It not only sounds good, but it is good. No, it is fantastic. Amazing.
Totally unbelievably great! It's one of the best and main features of Zope.

 People will be really confused to see such results:
 http://www.zope.org/Documentation/ZopeBook/Documentation

Then don't show them these results. :-)

 http://www.zope.org/Images

What's confusing about that one?

 I don't know how search engines like Google handle this situation,

Search engines follow links. Unless you display a looping link to them, they
won't find it, and hence, it's not a problem.

Best Regards

Lennart Regebro
Torped Strategi och Kommunikation AB







Re: [Zope-dev] access to ZCatalog-data via xmlrpc

2002-05-30 Thread Joachim Schmitz



--On Wednesday, May 29, 2002 16:15:44 +0100 Toby Dickenson 
[EMAIL PROTECTED] wrote:

 On Wednesday 29 May 2002 3:24 pm, Joachim Schmitz wrote:
 Hi,

 I want to access a ZCatalog via xmlrpc, but

 server = xmlrpclib.Server("http://myserver.aixtraware.de",
                           BasicAuthTransport(username=user, password=pw))
 r = server.Catalog()

 results in

 Fault -1: Unexpected Zope exception: cannot marshal type
 'IOBTreeItems' objects

 What is to be done to enable marshalling of those types?

 You could hack xmlrpclib to marshal those objects, but I don't recommend
 it.  Those objects can be big (but lazily evaluated), and you would be
 opening a significant denial of service vulnerability in your server.
But it also can be very interesting for exporting data from a Zope site, to 
be used in other applications.


 I suggest you create a method (Python Script?) that makes the catalog
 query,  sanitizes the response by making sure it is not too big, and
 returns a  vanilla list or dictionary
I wrote a little Python Script to export data from a ZPatterns Rack, where
the data is stored in a property sheet:

# Zope Python Script; 'context' is bound by the script environment
res = context.Catalog()

t = []
# sort the catalog results by reg_id, descending
for m in sequence.sort(res, (('reg_id', 'cmp', 'desc'),)):
    # propertyItems() returns (name, value) pairs; a None value here is
    # what the XML-RPC marshaller later refuses
    r = m.propertysheets.Basic.propertyItems()
    t.append(r)
return t

This runs fine when I test the script. But when I access it with xmlrpc, I
get:

Fault -1: Unexpected Zope exception: cannot marshal type 'None' 
objects

I changed Zope xmlrpclib.py and added to the Marshaller class:

def dump_None(self, value):
    # XML-RPC has no null type, so emit None as the string "None"
    self.write("<value><string>None</string></value>\n")
dispatch[NoneType] = dump_None

Now that works, but I think xmlrpclib.py should be able to marshal
the None type.





Kind regards,  Joachim Schmitz

AixtraWare Ingenieurbüro für Internetanwendungen
Hüsgenstr. 33a, D-52457 Aldenhoven
Phone: +49-2464-8851, FAX: +49-2464-905163

Key fingerprint = DA10 CC82 62F8 1DBB 39A1  1EDC 725B 3317 A8D7 C3A6
Keyserver: http://www.keyserver.net/en/





Re: [Zope-dev] access to ZCatalog-data via xmlrpc

2002-05-30 Thread Toby Dickenson

On Thursday 30 May 2002 10:35 am, Joachim Schmitz wrote:

  You could hack xmlrpclib to marshall those object, but I dont recommend
  it.  Those objects can be big (but lazily evaluated), and you would be
  opening a  significant denial of service vulnerability in your server.

 But it also can be very interesting for exporting data from a Zope site, to
 be used in other applications.

Sure, but you don't want to marshal your whole Zope site into one huge
in-memory string.

 Now that works, but I think xmlrpclib.py should be able to marshal
 the None type.

Yes. Updating xmlrpclib.py is on the to-do list for Zope 2.6. I hope a change
similar to this will be included.






Re: [Zope-dev] access to ZCatalog-data via xmlrpc

2002-05-30 Thread M.-A. Lemburg

Joachim Schmitz wrote:
 
 
 --On Wednesday, May 29, 2002 16:15:44 +0100 Toby Dickenson 
 [EMAIL PROTECTED] wrote:
 
 On Wednesday 29 May 2002 3:24 pm, Joachim Schmitz wrote:

 Hi,

 I want to access a ZCatalog via xmlrpc, but

 server = xmlrpclib.Server("http://myserver.aixtraware.de",
                           BasicAuthTransport(username=user, password=pw))
 r = server.Catalog()

 results in

 Fault -1: Unexpected Zope exception: cannot marshal type
 'IOBTreeItems' objects

 What is to be done to enable marshalling of those types?

XML-RPC only has a limited set of types it can marshal and that
can't be changed without breaking the standard.

The alternative would be sending Python pickles encoded as
XML-RPC binary over the wire.



 You could hack xmlrpclib to marshal those objects, but I don't recommend
 it.  Those objects can be big (but lazily evaluated), and you would be
 opening a significant denial of service vulnerability in your server.
 
 But it also can be very interesting for exporting data from a Zope site, 
 to be used in other applications.
 

 I suggest you create a method (Python Script?) that makes the catalog
 query,  sanitizes the response by making sure it is not too big, and
 returns a  vanilla list or dictionary
 
 I wrote a little Python Script to export data from a ZPatterns Rack, 
 where the data is stored in a property sheet:
 
 res = context.Catalog()
 
 t = []
 for m in sequence.sort(res, (('reg_id', 'cmp', 'desc'),)):
     r = m.propertysheets.Basic.propertyItems()
     t.append(r)
 return t
 
 This runs fine when I test the script. But when I access it with 
 xmlrpc, I get:
 
 Fault -1: Unexpected Zope exception: cannot marshal type 'None' 
 objects
 
 I changed Zope xmlrpclib.py and added to the Marshaller class:
 
 def dump_None(self, value):
     self.write("<value><string>None</string></value>\n")
 dispatch[NoneType] = dump_None
 
 Now that works, but I think xmlrpclib.py should be able to marshal 
 the None type.

None doesn't have an equivalent type in XML-RPC.

-- 
Marc-Andre Lemburg
CEO eGenix.com Software GmbH
__
Company  Consulting:   http://www.egenix.com/
Python Software:   http://www.egenix.com/files/python/
Meet us at EuroPython 2002: http://www.europython.org/






Re: [Zope-dev] access to ZCatalog-data via xmlrpc

2002-05-30 Thread Toby Dickenson

On Thursday 30 May 2002 11:11 am, M.-A. Lemburg wrote:

 XML-RPC only has a limited set of types it can marshal and that
 can't be changed without breaking the standard.

Yes, that means you unmarshall some xml-rpc data into a python None.

xmlrpc doesn't have support for marshalling class instances, but xmlrpclib.py 
will marshal python class instances to xmlrpc dictionaries *because* *it* 
*is* *useful* to do so.

If you were designing an interface specifically for xml-rpc you would design 
it to avoid Nones. However most Zope interfaces are designed for other 
purposes, then xml-rpc usage comes later. It's difficult to take the Nones 
out of your data structures once they are in.

When the xml-rpc marshaller sees a None going *out* of Zope, I think it makes 
sense to marshal this as an integer zero (or Joachim suggested the string 
None). That makes more sense than raising an exception. (In Zope, anyway. 
I'm not making any comments about other xmlrpclib.py uses.)
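The sanitizing export Toby recommends earlier in the thread (a server-side script that caps the result size and hands back plain lists or dictionaries) and the None problem discussed here, combined in one added example. This is not code from the thread or from Zope: it uses Python 3's xmlrpc.client, a constructed stand-in for catalog results, and assumed names (export_catalog, scrub, marshals_ok, MAX_ROWS), and it substitutes a caller-chosen value for None (an empty string by default, integer zero or the string "None" as the thread proposes are equally possible) instead of patching the marshaller.

```python
# Added example (not from the thread or from Zope): an XML-RPC-safe catalog
# export in the spirit of the advice above. All names here are assumptions.
import xmlrpc.client

MAX_ROWS = 100  # assumed export cap; a real site would tune it or page instead

# Constructed stand-in for catalog results: one dict of property items per
# record. Some values are None, which is exactly what the thread trips over.
CONSTRUCTED_RESULTS = [
    {"reg_id": 3, "title": "gamma", "notes": None},
    {"reg_id": 1, "title": "alpha", "notes": "first"},
    {"reg_id": 2, "title": "beta", "notes": None},
]


def scrub(value, none_as=""):
    """Recursively replace None with a value XML-RPC can carry.

    XML-RPC has no null type. Python's xmlrpc.client refuses None unless the
    non-standard <nil/> extension (allow_none=True) is switched on, so a
    strictly conforming export has to choose a substitute: "" here, or
    integer zero, or the string "None" as proposed in the thread.
    """
    if value is None:
        return none_as
    if isinstance(value, dict):
        return {k: scrub(v, none_as) for k, v in value.items()}
    if isinstance(value, (list, tuple)):
        return [scrub(v, none_as) for v in value]
    return value


def export_catalog(results, max_rows=MAX_ROWS, sort_key="reg_id", none_as=""):
    """Return a bounded, marshal-safe list of plain dicts.

    The size check runs before anything is serialized, so an oversized query
    fails fast instead of building one huge in-memory response string.
    """
    rows = sorted(results, key=lambda r: r[sort_key], reverse=True)
    if len(rows) > max_rows:
        raise ValueError("export would return %d rows, cap is %d"
                         % (len(rows), max_rows))
    return [scrub(dict(r), none_as) for r in rows]


def marshals_ok(payload):
    """True if xmlrpc.client can encode payload as a strict XML-RPC response."""
    try:
        xmlrpc.client.dumps((payload,), methodresponse=True)
        return True
    except TypeError:
        return False


if __name__ == "__main__":
    raw = [dict(r) for r in CONSTRUCTED_RESULTS]
    print("unsanitized rows marshal:", marshals_ok(raw))   # False
    clean = export_catalog(CONSTRUCTED_RESULTS)
    print("sanitized rows marshal:", marshals_ok(clean))   # True
    print(clean)
```

The cap raises instead of silently truncating so that a client notices the limit; paging the export is the usual alternative. Whatever substitute is chosen for None, the choice belongs in the exporting script, where the meaning of the field is known, rather than globally in the marshaller.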








Re: [Zope-dev] access to ZCatalog-data via xmlrpc

2002-05-30 Thread Toby Dickenson

On Thursday 30 May 2002 11:29 am, Toby Dickenson wrote:


 Yes, that means you unmarshall some xml-rpc data into a python None.

Argh.

That means you *can't* unmarshall some xml-rpc data into a python None.





Re: [Zope-dev] Zope logic

2002-05-30 Thread Shane Hathaway

Lennart Regebro wrote:
 From: Wei He [EMAIL PROTECTED]
 
An object (say index_html) is inherited by child objects of the site, say
Document, to make http://www.domain.com/Document share the upper
level index_html. This sounds good but actually is not, I think.
 
 
 It not only sounds good, but it is good. No, it is fantastic. Amazing.
 Totally unbelievably great! It's one of the best and main features of Zope.

Well, I'm not so enthusiastic about it.  Implicit acquisition in URLs 
leads to subtle bugs.  One thing that just about every Zope site does is 
acquire images using a simple relative URL, but that makes the images 
much less cacheable.  If www.example.com/docs/tutorial/go.gif, 
www.example.com/docs/go.gif, and www.example.com/go.gif refer to the 
same image, HTML authors are likely to just choose any of the three. 
The browser can't know they are the same image and will have to fetch 
the image up to three times.  This problem explodes on larger sites 
unless you educate HTML authors.

Another problem is illustrated by zope.org's version of ZWiki.  I don't 
know if the problem is still there or whether it's in the main ZWiki 
product.  ZWiki uses relative URLs, and some of the URLs displayed on 
the pages include a trailing slash and some don't.  That leads to 
effective URLs that include doubled names.  That's okay until a spider 
requests URLs like this:

http://dev.zope.org/Wikis/DevSite/Proposals/Proposals/Proposals/FrontPage

Looking at the zope.org logs, I once saw GoogleBot generate URLs like 
this to zope.org of 1000 characters or more.

Shane
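A check for the symptom Shane describes, as an added example that is not part of the thread: it scans access-log lines for requested paths in which the same segment repeats back to back (the doubled names that relative links plus acquisition produce) or whose length has grown past a threshold, and reports the client and user agent so the looping links can be found and fixed. The log lines are constructed for the example and use documentation IP ranges; the regular expression, the function names and the thresholds (max_len, max_repeat) are assumptions.

```python
# Added example (not from the thread): flag access-log requests whose path
# shows the looping pattern described above. Log lines are constructed and
# use documentation IP addresses; regex, names and thresholds are assumptions.
import re
from urllib.parse import urlsplit

# Constructed: the kind of URL a crawler builds from relative links when
# acquisition resolves every doubled segment to the same page.
LONG_PATH = "/Wikis/DevSite/" + "/".join(["Proposals"] * 40) + "/FrontPage"

CONSTRUCTED_LOG = "\n".join([
    '192.0.2.10 - - [30/May/2002:10:01:02 +0000] "GET /Wikis/DevSite/Proposals/FrontPage HTTP/1.0" 200 5120 "-" "Googlebot/2.1"',
    '192.0.2.10 - - [30/May/2002:10:01:03 +0000] "GET /Wikis/DevSite/Proposals/Proposals/Proposals/FrontPage HTTP/1.0" 200 5120 "-" "Googlebot/2.1"',
    '192.0.2.20 - - [30/May/2002:10:01:04 +0000] "GET /docs/tutorial/go.gif HTTP/1.0" 200 812 "-" "Mozilla/4.0"',
    '192.0.2.10 - - [30/May/2002:10:01:05 +0000] "GET ' + LONG_PATH + ' HTTP/1.0" 200 5120 "-" "Googlebot/2.1"',
])

# Common/combined log format; only the fields used below are named.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "[^"]*" "(?P<ua>[^"]*)")?'
)


def repeated_segments(path):
    """Length of the longest run of identical consecutive path segments."""
    segs = [s for s in path.split("/") if s]
    if not segs:
        return 0
    best = run = 1
    for prev, cur in zip(segs, segs[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best


def looping_requests(log_text, max_len=256, max_repeat=2):
    """Return (ip, user_agent, path, reasons) for each suspicious request.

    A path is suspicious when a segment repeats back to back at least
    max_repeat times or the path is longer than max_len characters.
    Thresholds are assumptions; a site with legitimately doubled names
    (/a/a/) would raise max_repeat.
    """
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real tool would count these
        path = urlsplit(m.group("target")).path
        reasons = []
        if len(path) > max_len:
            reasons.append("path length %d > %d" % (len(path), max_len))
        rep = repeated_segments(path)
        if rep >= max_repeat:
            reasons.append("segment repeated %d times in a row" % rep)
        if reasons:
            findings.append((m.group("ip"), m.group("ua") or "-", path, reasons))
    return findings


if __name__ == "__main__":
    for ip, ua, path, reasons in looping_requests(CONSTRUCTED_LOG):
        print(ip, ua, path[:60], "; ".join(reasons))
```

Run over a real log this points at the page whose relative link (with or without the trailing slash) starts the loop; the fix on the Zope side is the one the thread converges on, emitting absolute URLs so that acquisition cannot extend the path indefinitely.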






Re: [Zope-dev] Zope logic

2002-05-30 Thread Toby Dickenson

On Thursday 30 May 2002 10:29 am, Lennart Regebro wrote:

 It not only sounds good, but it is good. No, it is fantastic. Amazing.
 Totally unbelievably great! It's one of the best and main features of Zope.

Is anyone relying on your site to provide information? How do you test your 
site to make sure that every possible url (not just the ones you link to) does 
not give out misinformation?

Some specific problems that I have encountered:

1. Content that crosses between virtual hosts.

If two different virtual hosts come from the same zope then it is possible to 
construct a URL so that content from one site appears under the hostname (and 
https certificate!) of another.

2. A page that uses a mix of context and containment

If a page is built up with some content found from its context, and other 
content from containment, then it is possible to construct a URL so that 
apparently related information comes from unrelated objects.  Imagine a 
medical imaging database, where it was possible for a page to display the 
wrong patient name above an image.


My conclusions are:

a. implicit acquisition is dangerous

b. acquisition that searches outside the containment hierarchy is evil.


I'm not keeping up with Zope 3 development. How does Zope 3 handle 
acquisition?
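A toy model of the two traversal rules Toby contrasts (implicit acquisition versus containment-only lookup), as an added example that is not code from the thread or from Zope. The site tree, the virtual-host mapping and the function names (resolve, served_from_other_host) are constructed here; the model keeps just enough of Zope 2 style traversal to show how a URL under one host's name can pull in an object that physically lives under another host's folder (problem 1 above), and why a lookup confined to the containment hierarchy (conclusion b) refuses it.

```python
# Added example (not from the thread or from Zope): a toy model of URL
# traversal with and without implicit acquisition. Tree, hosts and function
# names are constructed for the example.

# Constructed site: one Zope root serving two virtual hosts, each rooted at
# its own folder. Folders are dicts, content objects are strings.
SITE = {
    "index_html": "root index page",        # meant to be shared by both hosts
    "hostA": {
        "index_html": "hostA index",
        "secret_report": "hostA internal report",
    },
    "hostB": {
        "news": "hostB news",
    },
}

# Virtual host name -> path of its root folder inside the Zope tree.
VHOST_ROOTS = {"a.example": ("hostA",), "b.example": ("hostB",)}


def resolve(site, vhost_roots, host, url_path, implicit_acquisition=True):
    """Resolve url_path as requested on host.

    Returns (content, physical_path) or None when no object is reachable.
    chain holds (physical path, object) pairs from the Zope root down to the
    current position, including anything pulled in by acquisition.
    """
    chain = [((), site)]
    for seg in vhost_roots[host]:
        path, node = chain[-1]
        chain.append((path + (seg,), node[seg]))
    for seg in [s for s in url_path.split("/") if s]:
        found = None
        path, node = chain[-1]
        if isinstance(node, dict) and seg in node:
            # containment: the name is inside the object we are at
            found = (path + (seg,), node[seg])
        elif implicit_acquisition:
            # implicit acquisition: walk back up the chain until some
            # earlier object (container or previously acquired) has the name
            for path, node in reversed(chain[:-1]):
                if isinstance(node, dict) and seg in node:
                    found = (path + (seg,), node[seg])
                    break
        if found is None:
            return None
        chain.append(found)
    path, node = chain[-1]
    if isinstance(node, dict):
        return None  # folder with no default view in this toy model
    return node, "/" + "/".join(path)


def served_from_other_host(vhost_roots, host, physical_path):
    """True if the object physically lives under another virtual host's root."""
    for other, root in vhost_roots.items():
        if other != host and physical_path.startswith("/" + "/".join(root) + "/"):
            return True
    return False


if __name__ == "__main__":
    for url in ("/news", "/index_html", "/hostA/secret_report"):
        for mode in (True, False):
            hit = resolve(SITE, VHOST_ROOTS, "b.example", url, mode)
            flag = hit and served_from_other_host(VHOST_ROOTS, "b.example", hit[1])
            print("acquisition" if mode else "containment", url, hit,
                  "CROSSES HOSTS" if flag else "")
```

The shared root index_html and the cross-host reach of secret_report are one and the same mechanism: once a name missing from hostB is looked up in the Zope root, everything the root contains, including the sibling host's folder, becomes addressable under b.example. The containment-only rule gives up the convenient sharing to close that reach, which is the trade-off the rest of the thread argues about.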





Re: [Zope-dev] Zope logic

2002-05-30 Thread Steve Alexander

Toby Dickenson wrote:
 
 My conclusions are:
 
 a. implicit acquisition is dangerous
 
 b. acquisition that searches outside the containment hierarchy is evil.
 
 
 I'm not keeping up with Zope 3 development. How does Zope 3 handle 
 acquisition?

There is no implicit acquisition in Zope 3. If there ever is, it will 
only be there as part of a Zope 2 compatibility library.

Generally if you want something to be acquired by content that lies 
below it, you make that something a View, a Resource, or a Utility, or 
a Service, or some other such thing.

There is also an acquire namespace for paths and URLs. I haven't had 
cause to use that though.

You make a choice as to what you want as Content and what you want as 
behind-the-scenes plumbing.

--
Steve Alexander







[Zope-dev] fsrecovery in Zope 2.4 ?

2002-05-30 Thread Julián Muñoz

In Zope 2.5 CHANGES.txt it is said:

Provided a much more robust tool for recovering data from
damaged FileStorage files


I would like to know what tool it is.
Is it lib/python/ZODB/fsrecovery.py ??


As I can't upgrade to Zope 2.5 now, I would like to know if it is possible
to install and use this tool on Zope 2.4, because the gain in case of a
catastrophe seems very interesting.



Thank you very much for your attention,


-- 
Greetings from Julián
EA4ACL
-.-







[Zope-dev] Re: Zope logic

2002-05-30 Thread Andy McKay

> Looking at the zope.org logs, I once saw GoogleBot generate URLs like 
> this to zope.org of 1000 characters or more.

Teehee, Googlebot once hit ZopeZen for about 3 days in a continuous loop. Just
use absolute_urls. Always. It's one of Zope's golden rules.

Mind you I've abused acquisition a few times, it comes in
useful to be able to have a different / shorter url point to the same object...
-- 
  Andy McKay





Re: [Zope-dev] Zope logic

2002-05-30 Thread Adrian Hungate

Hmmm... interesting points... However I almost completely disagree.

The only part of URL implicit acquisition that I have a problem with is
acquiring from outside the VHost, but if you plan properly, you can even
avoid this.

I have written several sites that use this feature, and I have found no
significant problems with it, and as for it being a problem for caching
proxies, many of the objects that get acquired are dynamic, and provide
different content based on context, so multiple cache entries is the correct
answer.

Adrian...

--
Adrian Hungate
EMail: [EMAIL PROTECTED]
Web: http://www.haqa.co.uk

- Original Message -
From: Toby Dickenson [EMAIL PROTECTED]
To: Lennart Regebro [EMAIL PROTECTED]; Wei He [EMAIL PROTECTED];
[EMAIL PROTECTED]
Sent: Thursday, May 30, 2002 4:07 PM
Subject: Re: [Zope-dev] Zope logic


On Thursday 30 May 2002 10:29 am, Lennart Regebro wrote:

 It not only sounds good, but it is good. No, it is fantastic. Amazing.
 Totally unbelievably great! It's one of the best and main features of
 Zope.

Is anyone relying on your site to provide information? How do you test your
site to make sure that every possible url (not just the ones you link to) does
not give out misinformation?

Some specific problems that I have encountered:

1. Content that crosses between virtual hosts.

If two different virtual hosts come from the same zope then it is possible
to construct a URL so that content from one site appears under the hostname
(and https certificate!) of another.

2. A page that uses a mix of context and containment

If a page is built up with some content found from its context, and other
content from containment, then it is possible to construct a URL so that
apparently related information comes from unrelated objects.  Imagine a
medical imaging database, where it was possible for a page to display the
wrong patient name above an image.


My conclusions are:

a. implicit acquisition is dangerous

b. acquisition that searches outside the containment hierarchy is evil.


I'm not keeping up with Zope 3 development. How does Zope 3 handle
acquisition?









[Zope-dev] Re: Zope logic

2002-05-30 Thread Simon Michael

Shane Hathaway [EMAIL PROTECTED] writes:
 Looking at the zope.org logs, I once saw GoogleBot generate URLs like
 this to zope.org of 1000 characters or more.

I had this too, leading to heavy traffic what's more. Cf
http://zwiki.org/TheRobotProblem. 

Since then, as a temporary measure I set the no robots meta header in
standard_wiki_header. Also, I cleaned up various link holes that would
lead to infinite urls, using page_url() and wiki_url(). Finally, all wiki
links were changed to use absolute urls (now optional). These things
should help, and in fact it should be safe to allow google into a modern
zwiki.

Back to the original poster: yes, to avoid getting hammered by search
engines it is necessary to make sure you expose no links leading to
infinite urls. This may not be as hard as you think. Hackers can make up
urls, but search engines don't (yet).

-Simon





Re: [Zope-dev] Zope logic

2002-05-30 Thread Casey Duncan

The namespace traversal in Zope 2 severely violates the principle of least 
surprise IMO. Although you can use this to clever ends, it opens up many 
doors to misuse of a site or even significant security holes.

For instance, it used to be possible to access the Control Panel (and shut down 
Zope) as a user defined in a subfolder of the root who had the local Manager 
role, just by forming a URL like:

http://somezope/myfolder/Control_Panel/manage_main

The point is that this grants way too much power to the end user to muck up 
the namespaces. It is difficult, if not impossible to design an app in Zope 
today that accounts for all possible namespace variations gracefully, since 
there are effectively an infinite number of them for every given object in 
Zope based on different URLs. 

Now I won't argue that implicit acquisition isn't useful. It rules in solving 
(and simplifying) problems in creating highly coordinated objects. But, being 
an implicit and magical thing, it is better if it is invoked through an 
explicit gesture rather than simply being there all the time. Having it 
around all the time also makes it easy to use it when it's not the best (or 
most robust) solution because it also excels in creating namespace chaos that 
is difficult to predict and account for.

This is what Zope3 realizes.

-Casey

On Thursday 30 May 2002 12:42 pm, Adrian Hungate wrote:
 Hmmm... interesting points... However I almost completely disagree.
 
 The only part of URL implicit acquisition that I have a problem with is
 acquiring from outside the VHost, but if you plan properly, you can even
 avoid this.
 
 I have written several sites that use this feature, and I have found no
 significant problems with it, and as for it being a problem for caching
 proxies, many of the objects that get acquired are dynamic, and provide
 different content based on context, so multiple cache entries is the correct
 answer.
 
 Adrian...
 
 --
 Adrian Hungate
 EMail: [EMAIL PROTECTED]
 Web: http://www.haqa.co.uk
 
 - Original Message -
 From: Toby Dickenson [EMAIL PROTECTED]
 To: Lennart Regebro [EMAIL PROTECTED]; Wei He [EMAIL PROTECTED];
 [EMAIL PROTECTED]
 Sent: Thursday, May 30, 2002 4:07 PM
 Subject: Re: [Zope-dev] Zope logic
 
 
 On Thursday 30 May 2002 10:29 am, Lennart Regebro wrote:
 
  It not only sounds good, but it is good. No, it is fantastic. Amazing.
  Totally unbelievably great! It's one of the best and main features of
  Zope.
 
 Is anyone relying on your site to provide information? How do you test your
 site to make sure that every possible url (not just the ones you link to) does
 not give out misinformation?
 
 Some specific problems that I have encountered:
 
 1. Content that crosses between virtual hosts.
 
 If two different virtual hosts come from the same zope then it is possible
 to construct a URL so that content from one site appears under the hostname
 (and https certificate!) of another.
 
 2. A page that uses a mix of context and containment
 
 If a page is built up with some content found from its context, and other
 content from containment, then it is possible to construct a URL so that
 apparently related information comes from unrelated objects.  Imagine a
 medical imaging database, where it was possible for a page to display the
 wrong patient name above an image.
 
 
 My conclusions are:
 
 a. implicit acquisition is dangerous
 
 b. acquisition that searches outside the containment hierarchy is evil.
 
 
 I'm not keeping up with Zope 3 development. How does Zope 3 handle
 acquisition?
 
 
 
 
 
 
 






Re: [Zope-dev] Zope logic

2002-05-30 Thread Adrian Hungate

Hmm... being able to acquire the Control_Panel (or anything) and it taking
on the wrong security context was a bug, and AFAIK it has been corrected.

Before I start sounding like I did in a previous thread, I am starting to
have some very serious doubts about the direction Z3 development is heading.
I have been a strong proponent of Zope, in part because of the very features
that people seem to be proudly proclaiming will be removed from, or at best
deprecated in, Z3...

Bottom line, internal bugs to one side, Z2.x works a particular way, and is
documented as doing so. This is a powerful and useful feature, and we are
likely to severely impact the power and process of Zopeing by removing it.
If we are still heading for 10x we should be enhancing those features that
set Zope apart from the competition, not removing features that make it
different.

Just my $0.02

Adrian...

--
Adrian Hungate
EMail: [EMAIL PROTECTED]
Web: http://www.haqa.co.uk


- Original Message -
From: Casey Duncan [EMAIL PROTECTED]
To: Adrian Hungate [EMAIL PROTECTED]; Toby Dickenson
[EMAIL PROTECTED]; Lennart Regebro [EMAIL PROTECTED];
Wei He [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, May 30, 2002 6:43 PM
Subject: Re: [Zope-dev] Zope logic


The namespace traversal in Zope 2 severely violates the principle of least
surprise IMO. Although you can use this to clever ends, it opens up many
doors to misuse of a site or even significant security holes.

For instance, it used to be possible to access the Control Panel (and
shut down Zope) as a user defined in a subfolder of the root who had the local
Manager role, just by forming a URL like:

http://somezope/myfolder/Control_Panel/manage_main

The point is that this grants way too much power to the end user to muck up
the namespaces. It is difficult, if not impossible to design an app in Zope
today that accounts for all possible namespace variations gracefully, since
there are effectively an infinite number of them for every given object in
Zope based on different URLs.

Now I won't argue that implicit acquisition isn't useful. It rules in
solving (and simplifying) problems in creating highly coordinated objects.
But, being an implicit and magical thing, it is better if it is invoked
through an explicit gesture rather than simply being there all the time.
Having it around all the time also makes it easy to use it when it's not the
best (or most robust) solution because it also excels in creating namespace
chaos that is difficult to predict and account for.

This is what Zope3 realizes.

-Casey

On Thursday 30 May 2002 12:42 pm, Adrian Hungate wrote:
 Hmmm... interesting points... However I almost completely disagree.

 The only part of URL implicit acquisition that I have a problem with is
 acquiring from outside the VHost, but if you plan properly, you can even
 avoid this.

 I have written several sites that use this feature, and I have found no
 significant problems with it, and as for it being a problem for caching
 proxies, many of the objects that get acquired are dynamic, and provide
 different content based on context, so multiple cache entries is the
 correct answer.

 Adrian...

 --
 Adrian Hungate
 EMail: [EMAIL PROTECTED]
 Web: http://www.haqa.co.uk

 - Original Message -
 From: Toby Dickenson [EMAIL PROTECTED]
 To: Lennart Regebro [EMAIL PROTECTED]; Wei He [EMAIL PROTECTED];
 [EMAIL PROTECTED]
 Sent: Thursday, May 30, 2002 4:07 PM
 Subject: Re: [Zope-dev] Zope logic


 On Thursday 30 May 2002 10:29 am, Lennart Regebro wrote:

  It not only sounds good, but it is good. No, it is fantastic. Amazing.
  Totally unbelievably great! It's one of the best and main features of
  Zope.

 Is anyone relying on your site to provide information? How do you test
 your site to make sure that every possible url (not just the ones you link
 to) does not give out misinformation?

 Some specific problems that I have encountered:

 1. Content that crosses between virtual hosts.

 If two different virtual hosts come from the same zope then it is possible
 to construct a URL so that content from one site appears under the hostname
 (and https certificate!) of another.

 2. A page that uses a mix of context and containment

 If a page is built up with some content found from its context, and other
 content from containment, then it is possible to construct a URL so that
 apparently related information comes from unrelated objects.  Imagine a
 medical imaging database, where it was possible for a page to display the
 wrong patient name above an image.


 My conclusions are:

 a. implicit acquisition is dangerous

 b. acquisition that searches outside the containment hierarchy is evil.


 I'm not keeping up with Zope 3 development. How does Zope 3 handle
 acquisition?



[Zope-dev] Interested in sprinting at EuroPython 2002?

2002-05-30 Thread Paul Everitt


First, as a friendly reminder for EuroPython 2002:

 ***Early registration is open !!!***
 ***   https://secure.zope.nl/europython/Registration ***

Deadline is May 31. Now, on to the good stuff.

The EuroPython 2002 conference, http://www.europython.org, is in
Charleroi, Belgium. We are planning a sprint the Sunday, Monday,
and Tuesday before the conference, making this sprint cover
June 23-25.

The goal of this sprint is like most others: education and spreading
the word. However, we would like this sprint to attract a group of
people that are committed to participating in Zope 3 after the sprint.
If your interest is simply in learning about Zope 3, there is a tutorial
the first day of the conference that might be more appropriate.

The requirements are simple: you need to know how to develop in
Python. Even Zope experience isn't mandatory (though it is quite
useful.)

We hope to have two groups of sprinters, with 6 or 8 people in each
group. This means 3 or 4 pairs.

If you are interested in sprinting and want to participate in the
ongoing development of Zope 3, please email me (Paul Everitt,
[EMAIL PROTECTED]) to sign up.

More (and updated information) is available at:
http://dev.zope.org/Wikis/DevSite/Projects/ComponentArchitecture/EuroPython2002Sprint

--Paul







Re: [Zope-dev] Re: Zope logic

2002-05-30 Thread Wei He

On Thu, 30 May 2002, Andy McKay wrote:

 > Looking at the zope.org logs, I once saw GoogleBot generate URLs like 
 > this to zope.org of 1000 characters or more.
 
 Teehee, Googlebot once hit ZopeZen for about 3 days in a continuous loop. Just
 use absolute_urls. Always. It's one of Zope's golden rules.
 
 Mind you I've abused acquisition a few times, it comes in
 useful to be able to have a different / shorter url point to the same object...
 

I just wonder whether it's possible to add an attribute, say
'inheritable', so that everyone will be happy.

I think only then it can be called a 'feature'. Otherwise an obtrusion.

Wei He






Re: [Zope-dev] Re: Zope logic

2002-05-30 Thread Tim Hoffman

But whilst you might think acquisition looks like inheritance, it isn't.
Please don't confuse the two, they really are different, and until 
you think about them differently, I believe you won't necessarily 
grasp the significance of acquisition, or use it properly.

Any tool/language/approach/methodology can be used incorrectly.

Rgds

Tim



On Fri, 2002-05-31 at 10:46, Wei He wrote:
 On Thu, 30 May 2002, Andy McKay wrote:
 
  > Looking at the zope.org logs, I once saw GoogleBot generate URLs like 
  > this to zope.org of 1000 characters or more.
  
  Teehee, Googlebot once hit ZopeZen for about 3 days in a continuous loop. Just
  use absolute_urls. Always. It's one of Zope's golden rules.
  
  Mind you I've abused acquisition a few times, it comes in
  useful to be able to have a different / shorter url point to the same object...
  
 
 I just wonder whether it's possible to add an attribute, say
 'inheritable', so that everyone will be happy.
 
 I think only then it can be called a 'feature'. Otherwise an obtrusion.
 
 Wei He
 
 
 



