Re: [Zope-dev] access of non html documents
One way to do this is to peek at the HTTP_REFERER value coming from the browser before you serve the document. If the document is in a file object, then you can use a precondition for this, which is a callable object. It could be written as follows in a python script: request = context.REQUEST if not request.HTTP_REFERER.startswith(request.SERVER_URL): raise 'NotFound' If you make a script and then specify it for the preconditions of your files, then it would only allow downloads coming from another URL on your site. No direct URL or linking from outside would be allowed with a standard browser. However, one could easily circumvent this by spoofing the HTTP_REFERER on the client. This would assume a certain level of sophistication on the part of the would be spoofer. To make it a bit harder you could use sessions or cookies and validate those in your precondition instead. This would be harder to fool if you did it right. -Casey On Tuesday 12 November 2002 07:11 pm, General Info wrote: > i have the following situation. > i want the users to be able to download non html documents if that document is refered to from an html document. however, i dont want the users to be able to type the url and document name on the url box of their browers and be able to download it. > for example: > the documents exist in http://www.wwwdotcom.com/nonhtmldocs/doc1.pdf > however, i dont want the users to type that url on their browser and access doc1.pdf > i only want them to access it if that particular document is linked from an html document. > i have seen some websites that do that w/ images. how can i do that on zope? is it possible? > > i would appreciate any comments/suggesstions. > > -roberto > ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] access of non html documents
i have the following situation. i want the users to be able to download non html documents if that document is refered to from an html document. however, i dont want the users to be able to type the url and document name on the url box of their browers and be able to download it. for example: the documents exist in http://www.wwwdotcom.com/nonhtmldocs/doc1.pdf however, i dont want the users to type that url on their browser and access doc1.pdf i only want them to access it if that particular document is linked from an html document. i have seen some websites that do that w/ images. how can i do that on zope? is it possible? i would appreciate any comments/suggesstions. -roberto
[Zope-dev] deadlock prevention for ZODB3 / Zope 2.6
We recently discovered that ZODB3 applications, like Zope 2.6, can deadlock when run in a system that uses multiple storages. This was a fundamental design flaw in ZODB that, happily, has a simple fix. Brian and I are planning to commit these changes to the ZODB3 3.1 and Zope 2.6 release branches and make them part of an upcoming bug fix release. This is a slightly dodgy plan, because there is a lot of code that is being changed for this bug fix. But the problem is fairly serious and the solution is available now, we'd like to get it in the hands of users more quickly than ZODB 3.2 and Zope 2.7. In short, the solution is to sort storages before beginning the two-phase commit process used by the transaction manager. Since the two-phase commit occurs during a transaction commit, we know all the storages that will be used, and, thus, all the locks that will be acquired. By sorting the locks, we can guarantee that deadlock will not occur. The implementation of deadlock prevention requires changes to the storage and transaction data manager APIs. Each must now implement a sortKey() method that returns a string that can be used to sort the storages. The sortKey must be globally unique; two storages can't have the same key unless they are the same storage and one storage must have the same key regardless of when it is used. The sortKey must be a string, because other objects may not sort in the same order for all Python versions. We have provided default implementions of sortKey() for BaseStorage and Connection. These implementations aren't necessarily correct, but they will prevent outright breakage if you update to the maintenance release. BaseStorage uses the __name__ and Connection uses id(). All storages and data managers should be updated to the new API. The default implementations may not prevent deadlock in a multi-storage environment; they only prevent the update from breaking existing code. Jeremy ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] DB.close() needs to be called
Looks like Toby's recent change to ApplicationManager.py causes DB.close() to never be called when you hit Shutdown in the Control Panel. This is a bad thing for the Berkeley storages because their .close() must get called or you'll end up with corrupt databases or worse . revision 1.83 date: 2002/11/12 17:19:13; author: htrd; state: Exp; lines: +2 -2 dont close the storages mid-transaction. need to check whether we need to close them at the end of z2.py "Um, yeah!" would be my answer. :) So here's a patch to z2.py to fix this. I won't check this in because it looks a little ugly to me and I'm not sure what the right fix is, but we definitely need to fix this before Zope 2.6.1 is released. -Barry Index: z2.py === RCS file: /cvs-repository/Zope/z2.py,v retrieving revision 1.88 diff -u -r1.88 z2.py --- z2.py 4 Nov 2002 13:33:46 - 1.88 +++ z2.py 12 Nov 2002 19:15:51 - @@ -909,5 +909,7 @@ import Lifetime Lifetime.loop() code = sys.ZServerExitCode +import Zope +Zope.DB.close() zLOG.LOG("z2", zLOG.INFO, 'Exiting with code %d' % code ) sys.exit(code) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: [ZODB-Dev] ZODB 3.2 release plan posted
> "TD" == Toby Dickenson <[EMAIL PROTECTED]> writes: TD> On Tuesday 05 November 2002 7:04 pm, Jeremy Hylton wrote: >> I have posted a tenative release plan for ZODB 3.2 in the ZODB >> Wiki at http://www.zope.org/Wikis/ZODB/ZODB%203.2%20Release >> >> There are a small set of proposed features centering around >> better configuration and management of ZEO and ZODB. TD> Is 3.2 work happing on the trunk or a branch? It's happening where it's happening. Guido is doing the zdaemon stuff on the trunk. I've been working on the deadlock code on a branch, but I'll merge that to the trunk soon. This is the standard Zope development practice -- keep the trunk stable. Jeremy ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: [ZODB-Dev] ZODB 3.2 release plan posted
> On Tuesday 05 November 2002 7:04 pm, Jeremy Hylton wrote: > > I have posted a tenative release plan for ZODB 3.2 in the ZODB Wiki at > > http://www.zope.org/Wikis/ZODB/ZODB%203.2%20Release > > > > There are a small set of proposed features centering around better > > configuration and management of ZEO and ZODB. > > Is 3.2 work happing on the trunk or a branch? I presume it's going on the trunk. Is there a problem with that? --Guido van Rossum (home page: http://www.python.org/~guido/) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: [ZODB-Dev] ZODB 3.2 release plan posted
> "TD" == Toby Dickenson <[EMAIL PROTECTED]> writes: >> I have posted a tenative release plan for ZODB 3.2 in the ZODB >> Wiki at http://www.zope.org/Wikis/ZODB/ZODB%203.2%20Release >> There are a small set of proposed features centering around >> better configuration and management of ZEO and ZODB. TD> Is 3.2 work happing on the trunk or a branch? Trunk. -Barry ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: [ZODB-Dev] ZODB 3.2 release plan posted
On Tuesday 05 November 2002 7:04 pm, Jeremy Hylton wrote: > I have posted a tenative release plan for ZODB 3.2 in the ZODB Wiki at > http://www.zope.org/Wikis/ZODB/ZODB%203.2%20Release > > There are a small set of proposed features centering around better > configuration and management of ZEO and ZODB. Is 3.2 work happing on the trunk or a branch? ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Proposed Additional reStructuredText Deliverables
I'll volunteer for (1). I think implementing it will be easy, but writing tests for it could be tricky... On Monday, November 11, 2002, at 10:44 PM, Andreas Jung wrote: 3) is a *must-have feature*, 1) and 2) are *can-have features* (especially 2) ). At least for 1) I need a volunteer ;-) -aj 1. reStructuredText support in the Zope Help System. 2. reStructuredText support for Product README handling. 3. Ensuring that Page Templates and Python Scripts can access the reStructuredText.HTML() function. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )