Someone out there might like to sanity check my thinking on a possible
security hole that arises if some form of cookie authentication, the
CookieCrumbler for instance, is used with Zope.
The scenario of concern is when cookie authentication is being used and
Zope is accessed by a browser via
Toby Dickenson [EMAIL PROTECTED] wrote:
I agree with both of these two points that Jeffrey made. It is a sore
omission from the core, but I cant see any place to hook the user
interface that doesnt amount to bloat for many folders that dont
need.
Does it make sense to include an
You might remember me, I've been a big Zope fan since ZTables,
and have recently been asked Why Zope?. The project is
commited to PostgreSQL and leaning toward PHP. Here's the
project requirements for a softwre company:
Hardware Compatability List
Software Compatability List
Store/ECommerce
Plus the over head of running Zope instances is greater than
PHP scripts.
Is this really ture for anything non-trivial?
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML
I am not a PHP guy by any means, but I imagine having to run an
extra server (Apache, Postgres vs Apache, Zope, Postgres) means
there is another server process to watch, manage,
start/restart. You don't have to do those things with PHP
scripts.
Perhaps someone with experience with a larger
From: Florent Guillaume [EMAIL PROTECTED]
Also do we want all folders to be ordered by default ?
I wouldn't want this. I don't know how ordered folder works nowadays, but I
want it sorted on name by default.
___
Zope-Dev maillist - [EMAIL
I have only minor experience with PHP so this may be ignorant, but isn't
programming a web application with PHP scripts more comparable to
programming such an application with Python scripts? If PHP scripts are
handling HTTP requests directly, that can also be done with pure Python
scripts.
Jason Spisak wrote:
You might remember me, I've been a big Zope fan since ZTables,
and have recently been asked Why Zope?. The project is
commited to PostgreSQL and leaning toward PHP. Here's the
project requirements for a softwre company:
Hardware Compatability List
Software
I think that's a big part of it. Using something that's
already documented that has many features of a 'web app' built
in already, vesus scripting those. But there are a lot of
prepackaged scripts for Calendars, and database connections,
shopping carts, etc... for PHP. So there's got to
Excellent thinking. I'm guessing that the PyscopyDA handles
that type of thing and makes sure that it doesn't get nasty.
That's a big win for Zope when dealing with inventory and
things like that. Thanks Oliver.
On Tuesday 23 April 2002 10:33 am, you wrote:
Jason Spisak wrote:
You might
At 11:01 AM 4/23/02 -0700, you wrote:
But there are a lot of prepackaged scripts for Calendars, and database
connections, shopping carts, etc... for PHP. So there's got to be more
that just the prepackagedness of Zope to chose it over PHP.
Yes, that is important. Of course, there are a lot
Curiously, if there are prepackage scripts for both, and
there's less to 'mange' with PHP, that's a PHP win. I
personally have CalendarTag, ZDataQueryKit and lots of yummy
others runing from the downloads page. But since I'm trying to
convince PHP people that using Zope is better, they
Dirk,
Thanks for that. By 'separation' I'm assuming you mean ZPT,
correct? I'm new to that, but the virtues seem to be simple
edit and save for layout folks.
With PHP, you can create forms to publish content. You don't
have to give content mamagers PHP. Zope's a win for Designers,
for
From: Jason Spisak [EMAIL PROTECTED]
I think Oliver's point about transaction safety is a big win.
I might convince them just on that. But I'm still looking for
more ammunition.
Basic things from the top of my head:
- Full OO = short development time = cheaper development.
- Integrated
Thanks Lennart,
There is OO php now, which they seem to enjoy. ugh The
audited security is something I believe is big win. The
quickness and efficiency of Zope Corp's (still calling them DC
in my head) Zope security patching is outstanding. The
community really shines there.
With
Dirk,
One more quick question about application/business logic in one
place and layout in another.
Looking at ZPT, I still see expressions and condition
statements in the Templates themselves. That's not really
separation, it's just making it work with HTML editing tools.
I'm curious is
OrderedFolder is not about having an ordered default view in the management
interface. The point is that people want to build menus or web pages that
consist of several objects in a folder, using objectValues()/objectIds().
Without OrderedFolder or a similar approach it is very hard to position
To everyone who replied to this thread, I give a hearty
congratulatory Thank you. They have decided to allow me to
mock up the app in Zope and prove it's worthiness. I'm already
halfway done with the first 2 modules. ;-)
To recap what turned the tides were these wins:
1. Zope's security
It would appear that their FTP implementation is not working
correctly, when connecting to a Zope FTP system behind a
firewall.
Zope is running on port 8880 and ftp service works fine from
inside the firewall on port 8821. From outside the firewall, I
get a login prompt, enter my password,
On Tue, 2002-04-23 at 18:52, Jason Spisak wrote:
It would appear that their FTP implementation is not working
correctly, when connecting to a Zope FTP system behind a
firewall.
Zope is running on port 8880 and ftp service works fine from
inside the firewall on port 8821. From outside
Do not be so quick to conclude that. FTP *has* firewall problems. since
I know nothing of the firewall, I can not help in too much detail.
ftp connections, by default, go from the ftp server-client for the data
connections. the data is carried by a seperate channel, on a randomly
numbered
21 matches
Mail list logo