[Zope-dev] Is there a Security problem with cookie authentication?

2002-04-23 Thread Richard Barrett
Someone out there might like to sanity check my thinking on a possible security hole that arises if some form of cookie authentication, the CookieCrumbler for instance, is used with Zope. The scenario of concern is when cookie authentication is being used and Zope is accessed by a browser via

Re: [Zope-dev] Is there a Security problem with cookie authentication?

2002-04-23 Thread Toby Dickenson
On Tue, 23 Apr 2002 11:52:26 +0100, Richard Barrett <[EMAIL PROTECTED]> wrote: >Unless someone can refute this scenario (please, please do) then it appears >to me that Cache-Control headers need to be added to all responses >conditional on authentication by Zope using cookie authentication. I

[Zope-dev] Ordered Folder (was: Speaking of 2.6...)

2002-04-23 Thread Florent Guillaume
Toby Dickenson <[EMAIL PROTECTED]> wrote: > I agree with both of these two points that Jeffrey made. It is a sore > omission from the core, but I can't see any place to hook the user > interface that doesn't amount to "bloat" for many folders that don't > need. > > Does it make sense to include an O

[Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Jason Spisak
You might remember me, I've been a big Zope fan since ZTables, and have recently been asked "Why Zope?". The project is committed to PostgreSQL and leaning toward PHP. Here's the project requirements for a software company: Hardware Compatibility List Software Compatibility List Store/ECommerc

RE: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Steve Drees
> Plus the over head of running Zope instances is greater than > PHP scripts. Is this really true for anything non-trivial? ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML en

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Jason Spisak
I am not a PHP guy by any means, but I imagine having to run an extra server (Apache, Postgres vs Apache, Zope, Postgres) means there is another server process to watch, manage, start/restart. You don't have to do those things with PHP scripts. Perhaps someone with experience with a larger P

Re: [Zope-dev] Ordered Folder (was: Speaking of 2.6...)

2002-04-23 Thread Lennart Regebro
From: "Florent Guillaume" <[EMAIL PROTECTED]> > Also do we want all folders to be ordered by default ? I wouldn't want this. I don't know how ordered folder works nowadays, but I want it sorted on name by default.

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread William Trenker
I have only minor experience with PHP so this may be ignorant, but isn't programming a web application with PHP scripts more comparable to programming such an application with Python scripts? If PHP scripts are handling HTTP requests directly, that can also be done with pure Python scripts.

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Oliver Bleutgen
Jason Spisak wrote: > You might remember me, I've been a big Zope fan since ZTables, > and have recently been asked "Why Zope?". The project is > committed to PostgreSQL and leaning toward PHP. Here's the > project requirements for a software company: > > Hardware Compatibility List > Software

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Jason Spisak
I think that's a big part of it. Using something that's already documented that has many features of a 'web app' built in already, versus scripting those. But there are a lot of prepackaged scripts for Calendars, and database connections, shopping carts, etc... for PHP. So there's got to be

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Jason Spisak
Excellent thinking. I'm guessing that the PyscopyDA handles that type of thing and makes sure that it doesn't get nasty. That's a big win for Zope when dealing with inventory and things like that. Thanks Oliver. On Tuesday 23 April 2002 10:33 am, you wrote: > Jason Spisak wrote: > > You mig

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread William Trenker
At 11:01 AM 4/23/02 -0700, you wrote: >But there are a lot of prepackaged scripts for Calendars, and database >connections, shopping carts, etc... for PHP. So there's got to be more >than just the prepackagedness of Zope to choose it over PHP. Yes, that is important. Of course, there are a lo

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Jason Spisak
Curiously, if there are prepackaged scripts for both, and there's less to 'manage' with PHP, that's a PHP win. I personally have CalendarTag, ZDataQueryKit and lots of yummy others running from the downloads page. But since I'm trying to convince PHP people that using Zope is better, they just

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Jason Spisak
Dirk, Thanks for that. By 'separation' I'm assuming you mean ZPT, correct? I'm new to that, but the virtues seem to be simple edit and save for layout folks. With PHP, you can create forms to publish content. You don't have to give content managers PHP. Zope's a win for Designers, for su

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Lennart Regebro
From: "Jason Spisak" <[EMAIL PROTECTED]> > I think Oliver's point about transaction safety is a big win. > I might convince them just on that. But I'm still looking for > more ammunition. Basic things from the top of my head: - Full OO = short development time = cheaper development. - Integrat

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Jason Spisak
Thanks Lennart, There is OO php now, which they seem to enjoy. The audited security is something I believe is a big win. The quickness and efficiency of Zope Corp's (still calling them DC in my head) Zope security patching is outstanding. The community really shines there. With undoable t

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Jason Spisak
Dirk, One more quick question about application/business logic in one place and layout in another. Looking at ZPT, I still see expressions and condition statements in the Templates themselves. That's not really separation, it's just making it work with HTML editing tools. I'm curious is

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Oliver Bleutgen
Jason Spisak wrote: > Excellent thinking. I'm guessing that the PyscopyDA handles > that type of thing and makes sure that it doesn't get nasty. > That's a big win for Zope when dealing with inventory and > things like that. Thanks Oliver. > Just to be clear about the extent of this transa

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Jason Spisak
Oliver, Thanks, that's an important distinction. Not just one transaction item, but all the items you group into one 'business transaction' within the Zope application. Meaning (not that it's the case here) multiple different database writes, yes? Powerful stuff. I must have misinterprete

Re: [Zope-dev] Ordered Folder (was: Speaking of 2.6...)

2002-04-23 Thread Joachim Werner
OrderedFolder is not about having an ordered default view in the management interface. The point is that people want to build menus or web pages that consist of several objects in a folder, using objectValues()/objectIds(). Without OrderedFolder or a similar approach it is very hard to position ob

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Derek Simkowiak
-> I must have misinterpreted the presentation and business logic -> issue. While there will always be conditionals and certain -> small expressions in the presentation, it's the omission of the -> 'fetch, compute, allow' type stuff that makes the separation. Before we get too invol

[Zope-dev] PHP is to Perl as Java is to C++

2002-04-23 Thread Don Hopkins
In the same way that Java was a reaction to the wicked corruption of C++, PHP is merely a reaction to the wicked corruption of Perl. Any language whose design is based on imitating another crippled language is at a disadvantage to a language like Python that was well designed in the first place.

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Jason Spisak
To everyone who replied to this thread, I give a hearty congratulatory "Thank you". They have decided to allow me to mock up the app in Zope and prove its worthiness. I'm already halfway done with the first 2 modules. ;-) To recap what turned the tides were these wins: 1. Zope's security

[Zope-dev] Trying to FTP to Zope running behind firewall, get login box but no directory listing

2002-04-23 Thread Jason Spisak
It would appear that their FTP implementation is not working correctly, when connecting to a Zope FTP system behind a firewall. Zope is running on port 8880 and ftp service works fine from inside the firewall on port 8821. From outside the firewall, I get a login prompt, enter my password,

Re: [Zope-dev] Trying to FTP to Zope running behind firewall, get login box but no directory listing

2002-04-23 Thread Bill Anderson
On Tue, 2002-04-23 at 18:52, Jason Spisak wrote: > It would appear that their FTP implementation is not working > correctly, when connecting to a Zope FTP system behind a > firewall. > > Zope is running on port 8880 and ftp service works fine from > inside the firewall on port 8821. From out

Re: [Zope-dev] Trying to FTP to Zope running behind firewall, get login box but no directory listing

2002-04-23 Thread Jason Spisak
The first sentence was just a pasting of what got sent to me. ;-) I have no idea where the problem lies, honestly. Just seeing if anyone else who develops using FTP has experienced this. Sorry if it came off judgemental. On Tuesday 23 April 2002 5:49 pm, you wrote: > On Tue, 2002-04-23 at

Re: [Zope-dev] Trying to FTP to Zope running behind firewall, get login box but no directory listing

2002-04-23 Thread Anthony Baxter
> > Do not be so quick to conclude that. FTP *has* firewall problems. since > I know nothing of the firewall, I can not help in too much detail. ftp connections, by default, go from the ftp server->client for the data connections. the data is carried by a separate channel, on a randomly number

Re: [Zope-dev] Trying to FTP to Zope running behind firewall, get login box but no directory listing

2002-04-23 Thread Jason Spisak
That's right. I remember something about Linux ftp servers needing a rewriting module of something to be behind a firewall and have people connect. Thanks to all. I'll go find the answer elsewhere. On Tuesday 23 April 2002 6:20 pm, Anthony Baxter wrote: > > Do not be so quick to conclude that

[Zope-dev] Application Server [was: Re: PHP vs Zope cost benefit]

2002-04-23 Thread Myroslav Opyr
Jason Spisak wrote: >[snip] > >To recap what turned the tides were these wins: > >1. Zope's security model is far more scalable and flexible >than anything home brewed in PHP. > >2. The security model is also audited by any, many people and >tested and in production all over the place. ;-) >

Re: [Zope-dev] Ordered Folder (was: Speaking of 2.6...)

2002-04-23 Thread Lennart Regebro
From: "Joachim Werner" <[EMAIL PROTECTED]> > OrderedFolder is not about having an ordered default view in the management > interface. I know that. Still, you do get an ordered default view with OrderedFolder (unless something changed very recently).