On Friday 06 June 2003 21:28, Jamie Heilman wrote:
Quick way to add 100 zodb connections and ~90M to the memory footprint
with relatively little clue of who is responsible assuming traditional
logging; presumeably one would get much trickier if they really wanted
to obfuscate the source of
laihc87
INK
JETS
LASER
TONERS
Cables
On Tuesday 10 June 2003 09:32, Jamie Heilman wrote:
Toby Dickenson wrote:
! # Disable nasty insecure version support. Thanks to
! # Jamie Heilman and everyone one zope-dev
Unless you're damning me with faint praise for posting an exploit,
(which is fine)
No criticism was
Toby Dickenson wrote:
No criticism was implied public exploits are valuable part of
the security process.
Its nice to hear not everyone in the industry has lost their mind.
/me glances at redmond
--
Jamie Heilman http://audible.transient.net/~jamie/
We must be born with
Hi Toby,
I am sorry, but the patch to disable versions does not work for me
(using Zope 2.6.1 / Python2.1.3), maybe because of trivial typo:
===
RCS file: /cvs-repository/Zope/lib/python/ZODB/ZApplication.py,v
retrieving
Shane Hathaway wrote:
My opinion on this is a little different. It's quite easy for anyone to
make mischief on any Zope server that lets people make even minor
changes to the site, such as giving feedback, posting a discussion item,
etc. All you have to do is include a Zope-Version cookie in
Dieter Maurer wrote:
When we had a post-authentication hook (a hook called by
ZPublisher after authentication has been done),
then we could check in this hook that the user has
the right to enter the version.
When did we have one? Where did it go?
Such a hook would be extremely
Well, currently I cannot get python 2.2.3 to work with Plone. I got a
first error and was able to fix the problem, but then got another and
have not been able to fix it for the life of me. I tried the Plone
mailing list for the bug I got after installing python and got nothing.
2.2.3 will
Chris Withers wrote:
Shane Hathaway wrote:
My opinion on this is a little different. It's quite easy for anyone
to make mischief on any Zope server that lets people make even minor
changes to the site, such as giving feedback, posting a discussion
item, etc.
On the weekend I had the idea
I've a problem with a product I'm writing and the way manage_workspace
works.
There's this code in App/Management.py:
def manage_workspace(self, REQUEST):
Dispatch to first interface in manage_options
options=self.filtered_manage_options(REQUEST)
try:
FYI - we plan for this to be fixed in 2.6.2, preferably by fixing
the version machinery to require the join / leave versions
permission (which is assigned only to managers by default.
Brian Lloyd[EMAIL PROTECTED]
V.P. Engineering 540.361.1716
Zope Corporation http://www.zope.com
Brian Lloyd wrote:
FYI - we plan for this to be fixed in 2.6.2, preferably by fixing
the version machinery to require the join / leave versions
permission (which is assigned only to managers by default.
It will be interesting to find out how this can be accomplished. To use
a version, you have
Shane Hathaway wrote:
Brian Lloyd wrote:
FYI - we plan for this to be fixed in 2.6.2, preferably by fixing
the version machinery to require the join / leave versions
permission (which is assigned only to managers by default.
It will be interesting to find out how this can be accomplished. To
Shane Hathaway wrote:
I really wouldn't mind if we just disabled version support altogether,
with a configuration option to re-enable it. Perhaps users would
appreciate having less to worry about.
I still think this is the best idea. If this is not possible, then at
least removing it from the
Hey Shane,
After I converted a Plone folder into its own ZODB, I believe it still
has the contents of the old site in it while loading the one folder from
the new database.
So, I copied data.fs to be files.fs and then deleted in the plone
interface, created the mount point and it came back.
It would appear that _read_data only returns a single Pdata object if you chuck
it a large string rather than the linked list of Pdata objects it would if you
chucked it a FileUpload instance.
Surely it should return a linekd list of Pdata objects in either case?
Shane Hathaway wrote:
Brian Lloyd wrote:
FYI - we plan for this to be fixed in 2.6.2, preferably by fixing
the version machinery to require the join / leave versions
permission (which is assigned only to managers by default.
It will be interesting to find out how this can be accomplished. To
Chris Withers wrote at 2003-6-10 13:24 +0100:
Dieter Maurer wrote:
When we had a post-authentication hook (a hook called by
ZPublisher after authentication has been done),
then we could check in this hook that the user has
the right to enter the version.
When did we
Shane Hathaway wrote at 2003-6-10 10:15 -0400:
Brian Lloyd wrote:
FYI - we plan for this to be fixed in 2.6.2, preferably by fixing
the version machinery to require the join / leave versions
permission (which is assigned only to managers by default.
It will be interesting to find
Oliver Bleutgen wrote at 2003-6-10 14:54 +0200:
...
(*) if m.find('/'):
raise 'Redirect', (
%s/%s % (REQUEST['URL1'], m))
return getattr(self, m)(self, REQUEST)
My question is about the marked block. I'd guess that the intent is to
send a redirect if m
Oliver Bleutgen wrote at 2003-6-6 22:48 +0200:
Dieter Maurer wrote:
Oliver Bleutgen wrote at 2003-6-6 11:46 +0200:
3. And (minor problem, but whatever), since zope relies completely on
the browser to send cookies only the right time (i.e. that the path set
for the cookie
Oliver Bleutgen wrote at 2003-6-10 16:20 +0200:
...
And you have to take acquisition into account
folder1
some_object
folder2
version2
some_object shouldn't be lockable into version2.
Where did you ever read that the effect of versions
were in any way restricted in
Dieter Maurer wrote:
We had discussed the post-authentication hook in connection
with role based skin selection but we never had it implemented.
I have, and it even fits here in the margin. Shall I pop it into the
Collector?
242a243
self._post_traverse = post_traverse = []
363a365
Please do,
I need it for some some extra authentication against a mysql db.
Robert
Am Dienstag, 10. Juni 2003 20:41 schrieb Evan Simpson:
Dieter Maurer wrote:
We had discussed the post-authentication hook in connection
with role based skin selection but we never had it implemented.
I have,
robert wrote:
Please do
Okeydoke: it's Issue #935.
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
Dieter Maurer wrote:
Oliver Bleutgen wrote at 2003-6-10 16:20 +0200:
...
And you have to take acquisition into account
folder1
some_object
folder2
version2
some_object shouldn't be lockable into version2.
Where did you ever read that the effect of versions
were in any
26 matches
Mail list logo
