Rossen Raykov writes:
* the immediate correspondence between the request and the
response containing essential information to analyse the problem
It's an application problem and the application has to handle it.
Log all the request/responses on the server or the client side.
* newbies
They have
From: Rossen Raykov [EMAIL PROTECTED]
Shall the dump help the regular surfer? I doubt so.
Shall it benefit the developer or the tester? Most probably not since they
are not performing their activities on the production site.
Oh, they most definitely help the developer or tester, because errors do
appear on production sites
On Sat, 6 Apr 2002, Rossen Raykov wrote:
BUT: The developer has access to the system, and the dump doesn't have to be
included in the HTML output. Maybe error dumps could be sent to a disk-log
of some sort?
Exactly that's my point.
Log it with as many details as you can!
From what he
Rossen Raykov writes:
...
1. the server log
2. the output to the client.
...
In the second case it is better if Zope is returning just the error or the
response.
In the XML-RPC case the error has to be a valid XML-RPC response, not a
stack trace.
Thus, this may mean an exception
Rossen Raykov wrote:
My point was that Zope is revealing internal information that is believed to
be private and invisible for the Internet users.
It happens in its default (debug) installation and even after -D option is
removed from the startup script.
Rossen and others interested in
Shane Hathaway writes:
If you can, please check out the latest Zope from CVS. Tracebacks no
longer appear by default, and even when they do, they do not show any
filesystem paths. (If you already have a checkout, make sure you use
cvs up -dP to get the new product.)
I am very
, April 04, 2002 2:55 PM
Subject: Re: [Zope-dev] Re: [Zope] isecure XML-RPC handling.
Shane Hathaway writes:
If you can, please check out the latest Zope from CVS. Tracebacks no
longer appear by default, and even when they do, they do not show any
filesystem paths. (If you already have
I think most people missed the point here. I don't think Rossen
is asking for help on running zope or getting xml-rpc to work with
it. He's observed a security problem: he believes the fact that
a traceback including path names is included in the error response
is a security exposure.
] isecure XML-RPC handling.
I think most people missed the point here. I don't think Rossen
is asking for help on running zope or getting xml-rpc to work with
it. He's observed a security problem: he believes the fact that
a traceback including path names is included in the error response
On Tue, Apr 02, 2002 at 04:01:41PM -0500, Eron Lloyd wrote:
On that thought, I'd like to see Zope.org become much more modern, and
reflect the *latest* and *greatest* functionality of Zope. Deprecation of the
hybrid PTK that's used, as well as updating and polishing of the site
regularly.