seb bacon wrote:
>
>
> Shane Hathaway wrote:
>
>> seb bacon wrote:
>>
>>> Production sites running a stock Zope are vulnerable to abuse of
>>> their server if they have not removed the 'Examples' folder. For
>>> example, anyone co
seb bacon wrote:
>
>
> Shane Hathaway wrote:
>
>> seb bacon wrote:
>>
>>> Production sites running a stock Zope are vulnerable to abuse of
>>> their server if they have not removed the 'Examples' folder. For
>>> example, anyone co
Tim Hoffman wrote:
> Hi
>
> I must be stupid or something, but I can't for the life
> of me work out a simple way of determining if a variable contains
> a string or array, in a PythonScript in Zope.
>
> I can't import type and or use type() function.
> isinstance doesn't work because I can't g
Steve Alexander wrote:
> Shane Hathaway wrote:
>
>>
>> os.stat() raises OSError if the file is not found, in which case mtime
>> should be set to 0.
>
>
> Surely if the file is not found, that's an error because the
> PageTemplateFile is pointing at
Steve Alexander wrote:
> lib/python/Products/PageTemplateFile.py, line 110, method _cook_check
>
> try:mtime=os.stat(self.filename)[8]
> except: mtime=0
>
>
> I've just spent an hour or so tracking down an awkward bug in some
> unit-tests. The true error was being hidden by
Mehran erfani wrote:
> I am a newbie to the zope world and recently started
> using zope in our corporate development environment.
> One thing that I couldn't find so far is an easy way
> to use cvs for revision control for individual
> components developed in zope. I understand that zope
> has it
On 1 Aug 2002, Gary Poster wrote:
> Hi Shane. I've been thinking about Zope versioning, and I also did a
> bit of list searches for past discussions on this general topic. One
> problem that seems pertinent to really any external-to-zope versioning
> system, including Subversion, is dealing wit
On 1 Aug 2002, Gary Poster wrote:
> Given a hypothetical folder-like instance called "myFLI", we would
> presumably want, in CVS (or Subversion, or whatever) a folder named
> "myFLI" containing the children and a file named, to borrow your
> example, "myFLI.properties.zexp" that *only* contains t
Chris Withers wrote:
> Shane Hathaway wrote:
>
>
>
> Wow! That was very very cool. I look forward to helping make this all a
> reality in Zope 3 ;-)
>
>> I'm sure I left a few things out, so ask questions about the unclear
>> parts. It's
Gary Poster wrote:
> I agree with Chris: *wow*!
>
> [re the original explanation]
> ...
>
>>I'm sure I left a few things out, so ask questions about the unclear
>>parts.
>
>
> Everything was wonderfully clear, except that the actual mechanism to
> convert the nested tuples flexibly to RDBMS
Tres Seaver wrote:
> Whithout the fix, virtually every Zope site in the world is vulnerable
> to URL-based cross-site scripting exploits. For instance, any URL which
> contains invalid form variable marshalling can generate an error page
> which includes the erroneous value, unquoted. E.g.:
>
>
Dieter Maurer wrote:
> Adrian Hungate writes:
> >
> > > We should avoid sending the wrong
> > > message by making a hotfix for every little thing.
> > >
> > > Shane
>
> > I'd like to second this. It was one of the contibuting factors in the
> > decision of my former employers to opt f
Andre Schubert wrote:
> Hi there,
>
> are there any known issues or problem running Zope 2.4.3 under PYthon 2.2
> instead of 2.1. I'am asking because my sysadmin has setup a new linux-box
> with RH7.3.
> RH7.3 only has Python 2.2 installed and there are no RPMs compiled against Python
>2.2.
> If
Craeg K Strong wrote:
> Hello:
>
> In order to use the unit testing facility for my custom Zope Products under
> FAT in win32, I had to do the following:
> In the file name::
>
> [ZOPE]\lib\python\Testing\custom_zodb.py
>
> Where ZOPE stands for the directory in which you installed Zope,
Adrian Hungate wrote:
> From: <[EMAIL PROTECTED]>
>
>>Hello,
>>
>>I have a question for you zope administrators out there :
>>What are your experiences whith zope running on Windows NT/2K? No matter
>>what I try , zope will run significant faster on a Unixlike system
>>(with the same hardware), e
On Thu, 29 Aug 2002, Chris Withers wrote:
> Shane Hathaway wrote:
> >
> > No, this is not a known issue. Could you provide a traceback?
>
> Traceback (most recent call last):
>File "testStripogram.py", line 103, in ?
> import Zope
>File &quo
Stefan H. Holek wrote:
> You need Data.fs.in to run unit tests. The Testing package does not work
> without it. See lib/python/Testing/custom_zodb.py.
FWIW, I'm looking into removing that requirement. With a tweaked
custom_zodb.py and minor changes to the sessioning machinery, all but
three t
Stefan H. Holek wrote:
> You are talking about the Zope core unit tests, aren't you? Can you be
> equally sure you do not break third party tests people wrote for their own
> products and packages? Please keep in mind that ZC is not the only one
> using the Testing package to write their unit test
I've moved this conversation from zodb-dev to zope-dev.
Magnus Heino wrote:
>> MH> ZEO2 outputs too many logs at level BLATHER.
>>
>> MH> Could these please be changed to DEBUG or something?
>>
>>But I like having them at BLATHER level :-).
>
>
> I guess so ;-)
>
>
>> MH> ZODB and VerboseS
On Fri, 13 Sep 2002, Magnus Heino wrote:
>
> > >>What do ZODB and VerboseSecurity log at the BLATHER level?
> > >
> > > 2002-09-12T17:55:53 BLATHER(-100) VerboseSecurity Unauthorized: Your user
> > > account does not have the required permission. Access to 'manage' of
> > > (Application instance
Lennart Regebro wrote:
> Once again I have the problem that all references to imported
> modules/objects/whatever dissapear when refreshing.
>
> It seems like sometimes some modules are not refreshed, even though they
> really are. Could it be that not all modules are properly purged from
> memor
Lennart Regebro wrote:
> From: "Shane Hathaway" <[EMAIL PROTECTED]>
>
>>You're likely to run into this if your product does
>>anything more than simply define and register classes that derive from
>>SimpleItem.
>
>
> Strangely enough we d
Lennart Regebro wrote:
> A new idea:
>
> Could the problem appear when you have "circular" product imports, i.e.:
>
> In Product.ProductA.ProductA.py:
> from Product.ProductB.SupportModule import Supportmodule
>
> In Product.ProductB.ProductB.py:
> from Product.ProductB.AnotherModule im
Dirk Datzert wrote:
> Hi,
>
> I found it useful if the AcceleratedHTTPCacheManager would sent a
> cache-pragma of type 'no-cache' for authenticated user and objects which
> should not be cached on authenticated connections.
>
> I had configured a apache proxy and without that fix the mod_proxy w
Toby Dickenson wrote:
> On Friday 04 Oct 2002 1:18 pm, Guido van Rossum wrote:
>
>
>>To make it worse when this is sometimes done for a large stretch of
>>code, even though there are only a few specific spots where the
>>exception is expected.
>
>
> The idiom of putting this long stretch of co
Leonardo Rochael Almeida wrote:
> I'm testing a fix for the TALES case along the lines of what Casey
> sugested and will report back with results.
Leo,
This is a good thing to work on but you really should work on the trunk.
The TALES exception handling was redone after Zope 2.5. Exceptions
On Wed, 9 Oct 2002, Chris Withers wrote:
> Shane, can you confirm this?
>
> cheers,
>
> Chris
I can confirm it has changed. Overall description here:
http://dev.zope.org/Wikis/DevSite/Proposals/BetterTracebacks
Shane
>
> Leonardo Rochael Almeida wrote:
> >>Now, normal python tracebacks inclu
On Wed, 9 Oct 2002, Chris Withers wrote:
> Shane Hathaway wrote:
> > I can confirm it has changed. Overall description here:
> >
> > http://dev.zope.org/Wikis/DevSite/Proposals/BetterTracebacks
>
> looks cool :-)
>
> Are there details of what did/didn't g
Jeff Kowalczyk wrote:
> This is OT, but I have a deadline approaching and needed to go where the ZEO users
>are so
> I can get this figured out as soon as possible, in case zope-general doesn't yield a
> suggestion. Thanks in advance for any help anyone can offer, hopefully this is
>old-hat to
>
Toby Dickenson wrote:
> On Thursday 10 Oct 2002 7:02 pm, Brian R Brinegar wrote:
>>If there is a way to see that the Zeo Clients are getting more requests
>>than they can handle and thus queueing up requests it is probably time to
>>add more machines.
>
>
> Does your front end proxy log elapsed
Leonardo Rochael Almeida wrote:
On Mon, 2002-10-21 at 13:33, Andy McKay wrote:
In Florent's message on date screwup he mentioned 2.6.1...
I know 2.6.1 is supposed to be finished pretty soon but not within a week,
right? :-)
Is there a plan, schedule etc for 2.6.1? I couldn't find it in the
Jens Vagelpohl wrote:
being explicit is almost always better. you are relying on internal
magic and it's not apparent from looking at the code you wrote.
the validate implementation in the LDAPRoleExtender is the "most
correct" one. shane worked on it for a while to make sure it does the
most
Dirk Datzert wrote:
And if you're interested, I know how we can make LDAPRoleExtender much
safer, based on conversations with Jens.
Sure I'm interessted.
Ok. All User objects have a getRolesInContext() method. All this
method does right now is scan the acquisition context for
__ac_local_r
Dirk Datzert wrote:
LDAPUser from LDAPUserFolder inherits getRolesInContext from BasicUser,
right ?
LDAPRoleTwiddler caches LDAPUser entries with changed 'local' roles.
Where is the LDAPUser class located?
What user object will be used if you talk about 'user objects' ?
user objects out of L
Jens Vagelpohl wrote:
i was always under the impression that getRolesInContext is not getting
called in all places where it should be called. that was one of the
reasons i went for a "replace all global user roles" approach.
i might be wrong... (which would be nice because using shane's idea
Jens Vagelpohl wrote:
Dirk Datzert wrote:
LDAPUser from LDAPUserFolder inherits getRolesInContext from BasicUser,
right ?
LDAPRoleTwiddler caches LDAPUser entries with changed 'local' roles.
Where is the LDAPUser class located?
imported from the LDAPUserFolder module
Ok, that does make i
Dirk Datzert wrote:
def getRolesInContext(self, obj):
lrt = obj.acl_users # get nearest acl_users for obj (not really sure
if this works ?)
user = lrt.getUser ( self.getId(), self._getPassword() )
return user.getRoles()
Hmm, no, the user object is simply "self".
yes wrong question ;-)
Jeff Rush wrote:
I don't quite understand -- so there *are* root
level elements specific to Zope that need to
be copied into a Zope-over-ZEO environment?
(hm, how do those elements get into a
non-FileStorage Zope-over-ZEO environment?)
And do those elements interfere even a little in
a non-Zope-j
Steve Alexander wrote:
Casey Duncan wrote:
> It is only there due to lack of time to take it out. We had planned to
> take it
> out for 2.6, but time was never made to replace it with code to
> bootstrap an
> empty storage with the proper root level elements still residing in
> Data.fs.in.
Brian R Brinegar wrote:
Okay,
I'm trying to better understand Caching within Zope. Is a cache created
for each Zope Thread? Or one per Zope instance?
We have 3 ZEO Clients with 4 Threads each. I want to know if we have 3
copies of the cache, or 12 copies of the cache.
If you're talking about R
2.6 has a database activity graph to help you tune the ZODB cache size.
Shane
On Thu, 21 Nov 2002, Shane Hathaway wrote:
Brian R Brinegar wrote:
Okay,
I'm trying to better understand Caching within Zope. Is a cache created
for each Zope Thread? Or one per Zope instance?
We have 3 ZEO
Dieter Maurer wrote:
Brian R Brinegar writes:
> We have diskless ZEO clients (Netboot). There is really no reason for our
> ZEO clients to write their caches to the disk (RAM Disk). Can we turn this
> off? To free up RAM for the other caches?
With Zope 2.5 and Zeo 1.x, no cache is written unles
Brian R Brinegar wrote:
Okay,
Tell me where I'm wrong or if I'm lucky and got it right.
There is 1 client cache per thread on a ZEO client and 1 ZEO cache per ZEO
client. The ZEO cache is shared between the threads.
We have 3 machines 4 threads each that's 3 * 4 + 3 = 15 caches? Is this
correct
On 11/29/2002 01:33 PM, Ivo van der Wijk wrote:
On Fri, Nov 29, 2002 at 01:07:24PM +0100, Carlo Giomini wrote:
>Dear all,
>I need a sort of post-publishing hook (so to say). I need Zope to call a
>function of mine as the very last action of publishing a request,
i.e. after
>having built the res
I've been holding off status updates on the AdaptableStorage project
until I could say I'm confident that the approach will work and it's
easy enough to write your own serialization components. After numerous
refactorings, I'm pleased to say that it actually works and does
everything I hoped!
On 12/10/2002 12:53 PM, Evan Simpson wrote:
This past weekend I migrated a bunch of ZClasses and the web site that
uses them from a scratch Zope instance into my production instance. Both
run off the same 2.6 CVS branch checkout, connecting to ZEO servers
running from the same ZEO trunk checkout.
On 12/10/2002 09:58 PM, Evan Simpson wrote:
Shane Hathaway wrote:
> My first recommendation would be to turn your ZClass registry into an
> OOBTree. OOBTree has been maintained and updated.
Good thought, but no dice.
Well, it was worth a shot. :-)
Since it is rebuilding the regis
On Wed, 11 Dec 2002, Evan Simpson wrote:
> I think I've fixed my ZGlobals, but there's definitely a problem in
> coptimizations. I made Connections.py use the Python persistent_id,
> restarted twice, and ZGlobals was fine on the second restart.
Ah-ha, you now have a reproducible test case. Th
On 12/12/2002 12:30 PM, Jeremy Hylton wrote:
>>>>>"SH" == Shane Hathaway writes:
SH> On Wed, 11 Dec 2002, Evan Simpson wrote:
>> I think I've fixed my ZGlobals, but there's definitely a problem
>> in coptimizations. I made Connectio
Jeremy Hylton wrote:
I'll have to take a look, but may not get to it today. FWIW I thought
I fixed the bug on Friday. I could certainly create ZClasses through
the web without getting any obvious errors.
My little test (attached to the patch submission) passes with my version
as well as your
seb bacon wrote:
Shane, AdaptableStorage is insane and beautiful - congratulations :-)
Thanks! I've been working on this for a long time. Two years ago a
Digital Creations customer demanded proper object-relational mapping.
The customer abandoned us for different reasons, but I feel like the
Paul Winkler wrote:
On Wed, Jan 15, 2003 at 05:30:58PM +, seb bacon wrote:
Shane, AdaptableStorage is insane and beautiful - congratulations :-)
It seems to inspire insanity :) kosh and i got into a discussion on #zope
about using AdaptableStorage with reiserfs4, mapping zope properties
t
Chris Withers wrote:
Shane Hathaway wrote:
performance. There needs to be a way for applications that modify the
database to tell Zope about the modification, so Zope can reset its
caches.
But, IIRC, the last time this was discussed on a mailing list you had
some cool ideas to sovle the
seb bacon wrote:
Shane Hathaway wrote:
Chris Withers wrote:
Shane Hathaway wrote:
performance. There needs to be a way for applications that modify
the database to tell Zope about the modification, so Zope can reset
its caches.
But, IIRC, the last time this was discussed on a mailing
Oliver Bleutgen wrote:
Shane Hathaway wrote:
On the filesystem, the problem seems much more difficult, since there
are no transactions. You'd like the kernel to send Zope a message
anytime someone modifies a file in a certain hierarchy, but that would
require kernel hacking.
FWIW, si
Oliver Bleutgen wrote:
Shane Hathaway wrote:
I've seen it before, but I don't think FAM is able to monitor an
entire directory tree. It only monitors individual files. I'd really
like to be wrong. :-)
I think you are wrong, because the manpage (for IRIX) says otherwise.
A
Chris Withers wrote:
Shane Hathaway wrote:
I'm thinking about "real-time" updates. When the underlying data
changes, you'd like Zope to see the change immediately. If indefinite
delays are OK, then AdaptableStorage already does enough: it raises a
ConflictError if you
On Wed, 22 Jan 2003, Chris Withers wrote:
> I think this is as "such is life" problem. Provided AdaptableStorage
> provides some way (exposed url?) for an external process to say that
> things have changed, I think that's the best form of flexibility we can
> provide.
I think I'll provide such an
Paul Winkler wrote:
Visit foo/absolute_url and you will find that it
"has an empty or missing docstring".
Is this by design, or is it just something that nobody has needed?
I would like to propose making it callable TTW, unless somebody
knows a reason it should not be.
I don't know whether absol
Shane Hathaway wrote:
That would be pretty cool, since it's easy for scripts to add to the
queue, and it gives you plenty of granularity. It wouldn't work under
Windows, though, AFAIK. Maybe on Windows we could call back to a
network socket that accepts the same kind of data.
Oop
[EMAIL PROTECTED] wrote:
Hi Shane
I have been thinking about this last night.
I think you should provide some sort of out of band signalling
method. But given that Adaptable Storage sits below ZODB, which
sit's below Zope, I feel that the signalling method should be directed
at the lowest level
Zope-Dev'ers,
Just for fun, I made a mockup (using QT Designer) of a Zope server control
and monitoring GUI. It's purely nonfunctional--just an idea. Check it
out here:
http://hathaway.freezope.org/Images/controller_snapshot.png
It's not fancy, but it's complete: you can watch and control mu
On 02/07/2003 11:43 AM, Gilles wrote:
Hello,
I am working since a long time with zope and was continuously worried about
a few problems, unfortunately none of them was fixed along the years:
- zserver can not 'recover' busy thread
- log show nothing in case of blocking: log is written when the r
On 02/07/2003 02:16 PM, Paul Winkler wrote:
On Fri, Feb 07, 2003 at 10:32:44AM -0800, [EMAIL PROTECTED] wrote:
If there is any interest in a framework that could provide the underlying
functionality to multiple UI front-ends, as well as automated stuff like
alerts/monitoring, I would certainly b
On Sat, 8 Feb 2003, Andy McKay wrote:
> > It's not fancy, but it's complete: you can watch and control multiple
> > servers from a single place. The flashing yellow LED-like indicators
> > would give you a great deal of confidence that information is flowing.
> > It sure would be appealing. An
Paul Winkler wrote:
On Mon, Feb 10, 2003 at 06:11:15PM -0200, Leonardo Rochael Almeida wrote:
Please, please, please, don't use generic "except:". They can cause ZODB
corruption if they catch ConflictErrors.
Can anyone else confirm or deny???
If true, it needs to be much more widely publicize
) resets the flag.
Shane
On Mon, 2003-02-10 at 15:47, Shane Hathaway wrote:
"tal:on-error" also catches all exceptions. It could be made to catch
all exceptions except ConflictError, but I don't feel like that's the
right solution. I think the right solution is to prev
Paul Winkler wrote:
On Mon, Feb 10, 2003 at 03:47:58PM -0500, Shane Hathaway wrote:
This doesn't seem to be a showstopper for now, but as more applications
use ZODB, it could become a bigger problem.
Well, what kind of errors can this cause in the ZODB?
If it's just a matter of
Toby Dickenson wrote:
On Monday 10 February 2003 8:47 pm, Shane Hathaway wrote:
Great, so there's at least 133 things to examine to see if they
could catch a ConflictError. And I only wrote about 15 of those.
The rest could be very time-consuming to audit.
"tal:on-error" a
Jeremy Hylton wrote:
On Tue, 2003-02-11 at 04:13, [EMAIL PROTECTED] wrote:
Chris McDonough wrote:
Could this be done by initializing a dictionary at startup keyed on
thread-id that a ConflictError exception's __init__ could stick a marker
into, then checking that dictionary at commit time and
Jeremy Hylton wrote:
On Tue, 2003-02-11 at 12:10, Shane Hathaway wrote:
I added a test to testZODB.py on a new branch
(shane-conflict-handling-branch) that exercises the conflict handling
bug. The test currently fails. It might be simpler to go with Toby's
implementation for now:
Romain Slootmaekers wrote:
Shane Hathaway wrote:
If we have veto(), it should probably expect a string argument that
explains the reason for the veto. Then if something tries to commit,
we can raise VetoedError(explanation). Otherwise, it seems like
failed transactions would be opaque and
Brian R Brinegar wrote:
We are running Zope 2.5.1 and ZEO 1. When someone does an Undo it doesn't
seem to update all of the ZEO clients consistently. Some ZEO clients
reflect the undo, others sometimes show an older version of the database
and sometimes we get POSKeyErrors. Any idea what causes th
Leonardo Rochael Almeida wrote:
I believe we should have a proper persitent protocol, either PGCI or
FastCGI (but probably not both, to avoid confusion), to connect Zope and
front-end webservers and we should also make an effort to keep the
connectors from major HTTP servers to those protocols in
On 02/18/2003 09:16 AM, Andre Schubert wrote:
I try to explain what happens. Lets say i have a user called foo who
has Manager-Roles across a Zope-site. foo has added 2 DTMLMethods to
a folder called bar and foobar. foobar is called from inside bar
(). He also created a Role MSAdmin. bar is
access
I just read the RDF article published here:
http://www.xml.com/pub/a/2003/02/12/rdflib.html
I've understood the mechanics of RDF for a while, but never understood
what makes it better than what we already have. Now I think I get it:
RDF theory is a new kind of database abstraction. It's simil
Steve Alexander wrote:
Shane Hathaway <[EMAIL PROTECTED]> wrote:
Do you not want foo to have the Manager role?
Andre Schubert wrote:
No, because he is no longer in our company.
Shane Hathaway <[EMAIL PROTECTED]> wrote:
I think you're asking for a "find + cho
Lukasz Racon wrote:
I just read the RDF article published here:
http://www.xml.com/pub/a/2003/02/12/rdflib.html
I've understood the mechanics of RDF for a while, but never understood
what makes it better than what we already have. Now I think I get it:
RDF theory is a new kind of database abstr
Jean Jordaan wrote:
All I can think is that that object 'basic' lacks context for
some reason (i.e. lacks an acquisition wrapper?). I can't think
why it lacks context .. we use that idiom all over the app, and
don't normally get any problems.
That's all I can think of also. Try examining basic.
Paul Everitt wrote:
Shane Hathaway wrote:
I've understood the mechanics of RDF for a while, but never understood
what makes it better than what we already have. Now I think I get it:
RDF theory is a new kind of database abstraction. It's similar to a
relational database in th
On 02/20/2003 09:06 PM, Tim Hoffman wrote:
In case your not aware Chandler OSAfoundation is basing their
new PIM on RDF/ZODB/Python etc...
if you haven't already it might be worth having a look at how they see
RDF fitting into the picture.
http://www.osafoundation.org/Chandler_rel._0.1.htm
Wow
Florent Guillaume wrote:
I'm sorry to bring forward the topic of grammar, which is usually very
bad netiquette, and I hope nobody will feel offended, but...
I cringe everytime I see "it's" used instead of "its" in the checkins or
the wikis, which happens very often. Some folks are even using the
in
On 02/26/2003 07:16 PM, Ross Boylan wrote:
I am working on a poll/survey type product and want to handle
responses by email as well as the web. If you have any advice about
the best architecture, I would appreciate it. I'm currently using
Zope 2.5 on Linux, though it would be nice if the solution
Jean Jordaan wrote:
Hi Shane, Toby ..
Set Tardis for
http://mail.zope.org/pipermail/zope-dev/2003-February/018837.html
All I can think is that that object 'basic' lacks context for
some reason (i.e. lacks an acquisition wrapper?). I can't think
why it lacks context .. we use that idiom all over th
Andy McKay wrote:
Anyway, after talking this over with my colleague, I realize that
the problem of *deriving* dependencies is fundamentally undecidable.
We might be able to figure it out in the case of simple acquisition,
like
But it is hopeless for pure python:
:)
Well you could, in theory, ho
Fabio Paracchini wrote:
Hi Shane,
I was able to successfully install and use DBTab & BDBStorage, and
to
migrate a legacy archive of about 20Gb of Office documents.
Now I run in this situation: I'd like to partition those archives, so that
everything is not in a single giant DB, but is split
Florent Guillaume wrote:
Is there any way to "unmount" then "remount" a mounted storage from a
running Zope?
Use case: mounting it read-only most of the time, and switching to
read-write at selected points when updates are allowed.
It would be fairly easy (no "unmount" necessary--just toggle the
r
On 03/12/2003 07:54 PM, Christian Tismer wrote:
Dear Zope community,
please excuse my ignorance, but I am asked
from time to time how secure or insecure
Zope actually is, and I always have to say
that I actually don't know.
There are people claiming that Zope opens a system
to quite some level, ot
On Thu, 13 Mar 2003, Toby Dickenson wrote:
> On Thursday 13 March 2003 5:21 am, Shane Hathaway wrote:
>
> > The only vulnerability would involve
> > trusted users who want to vandalize Zope. So even though there have
> > been many hotfixes, they are irrelevant--Zope
On 03/24/2003 12:28 PM, kosh wrote:
On Monday 24 March 2003 09:05 am, Leonardo Rochael Almeida wrote:
On Fri, 2003-03-21 at 20:08, kosh wrote:
I am having a problem where DTML is allowing access to an attribute of an
object that restrictedTraverse and regular . notation denies from a
python scrip
Bjorn Stabell wrote:
Hi Zope gurus,
After upgrading to Zope 2.6.1 on Linux, when submitting forms, we
sometimes get this error:
Site Error
...
exceptions.IOError
...
Traceback:
Module ZPublisher.Publish, line 150, in publish_module
Module ZPublisher.Publish, lin
Andy McKay wrote:
Im not keeping up on zope-3 at the moment, whats the plan for versions
there? Just wondering if there is any great solution there that can be
backported.
I think the solution for Zope 3 is to move all versioning to the
application layer. We've been doing this with CMF (using
Zo
Andrew R. Halko wrote:
Thanks Shane. Is all of your suggestions along with the setup I was
considering? I have to research ZEO, cause I know nothing about it. Do
you mind explaining the last two things just a slight more as I am
unfamiliar. Such as how you figure out cache and what is packing?
Andrew R. Halko wrote:
Now, I am trying to setup my dbtab.conf to first test this before I try
and integrate it into my current site, which has limited info now, but
needs to be ready for major population in a week or two at most. Here
is what I am guessing for config, maybe you can tell me if I a
Casey Duncan wrote:
The security implications do not seem dire enough to me to warrent trying to
squeeze this into 2.6.x. If you do not use versions then none of the
implications apply. Perhaps it might be possible to do additional security
checks to make entering versions more protected. This m
Jamie Heilman wrote:
Tooling through restructuring of my site I discovered a stupid
permissions problem. While App.Permission declares the 'Define
permission' perm it never gets initialized and thus
manage_addPermission{,Form} basically had weakened security. The
permission 'Access contents infor
Jamie Heilman wrote:
I can't fathom the ZClass code. Can somebody tell me if manage_addZClass,
manage_addZClassForm, and manage_subclassableClassNames are supposed
to be protected by the 'Add Zope Class' permission, or if the code in
ZClasses/__init__.py is pure fluf? That permission never shows
Jamie Heilman wrote:
Shane Hathaway wrote:
It is. Older Zope code uses the manage_ prefix to require the Manager
role by default. Needless to say, that strategy did not cope well with
later enhancements to Zope.
OK. So what about the stuff in ZClasses/__init__.py, pure fluf?
After
Chris McDonough wrote:
On Wed, 2003-05-28 at 21:33, Jeffrey P Shell wrote:
I know there are some fixes likely to be in Zope 2.6.2 that may help
with the situation, but I'd like to put extra protections around this
code regardless of what may be coming in the future.
It will only get worse with
Sidnei da Silva wrote:
On Thu, May 29, 2003 at 09:28:16PM +0200, Andreas Jung wrote:
| I checked the corresponding code and the temporary files should be closed
| automatically when the upload was successful (the __del__() method of the
| TemporaryFile
| class closes the file). The leak might come
501 - 600 of 663 matches
Mail list logo