[Zope-dev] Is there a Security problem with cookie authentication?

2002-04-23 Thread Richard Barrett
Someone out there might like to sanity check my thinking on a possible security hole that arises if some form of cookie authentication, the CookieCrumbler for instance, is used with Zope. The scenario of concern is when cookie authentication is being used and Zope is accessed by a browser via

[Zope-dev] Ordered Folder (was: Speaking of 2.6...)

2002-04-23 Thread Florent Guillaume
Toby Dickenson [EMAIL PROTECTED] wrote: I agree with both of these two points that Jeffrey made. It is a sore omission from the core, but I cant see any place to hook the user interface that doesnt amount to bloat for many folders that dont need. Does it make sense to include an

[Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Jason Spisak
You might remember me, I've been a big Zope fan since ZTables, and have recently been asked Why Zope?. The project is commited to PostgreSQL and leaning toward PHP. Here's the project requirements for a softwre company: Hardware Compatability List Software Compatability List Store/ECommerce

RE: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Steve Drees
Plus the over head of running Zope instances is greater than PHP scripts. Is this really ture for anything non-trivial? ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Jason Spisak
I am not a PHP guy by any means, but I imagine having to run an extra server (Apache, Postgres vs Apache, Zope, Postgres) means there is another server process to watch, manage, start/restart. You don't have to do those things with PHP scripts. Perhaps someone with experience with a larger

Re: [Zope-dev] Ordered Folder (was: Speaking of 2.6...)

2002-04-23 Thread Lennart Regebro
From: Florent Guillaume [EMAIL PROTECTED] Also do we want all folders to be ordered by default ? I wouldn't want this. I don't know how ordered folder works nowadays, but I want it sorted on name by default. ___ Zope-Dev maillist - [EMAIL

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread William Trenker
I have only minor experience with PHP so this may be ignorant, but isn't programming a web application with PHP scripts more comparable to programming such an application with Python scripts? If PHP scripts are handling HTTP requests directly, that can also be done with pure Python scripts.

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Oliver Bleutgen
Jason Spisak wrote: You might remember me, I've been a big Zope fan since ZTables, and have recently been asked Why Zope?. The project is commited to PostgreSQL and leaning toward PHP. Here's the project requirements for a softwre company: Hardware Compatability List Software

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Jason Spisak
I think that's a big part of it. Using something that's already documented that has many features of a 'web app' built in already, vesus scripting those. But there are a lot of prepackaged scripts for Calendars, and database connections, shopping carts, etc... for PHP. So there's got to

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Jason Spisak
Excellent thinking. I'm guessing that the PyscopyDA handles that type of thing and makes sure that it doesn't get nasty. That's a big win for Zope when dealing with inventory and things like that. Thanks Oliver. On Tuesday 23 April 2002 10:33 am, you wrote: Jason Spisak wrote: You might

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread William Trenker
At 11:01 AM 4/23/02 -0700, you wrote: But there are a lot of prepackaged scripts for Calendars, and database connections, shopping carts, etc... for PHP. So there's got to be more that just the prepackagedness of Zope to chose it over PHP. Yes, that is important. Of course, there are a lot

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Jason Spisak
Curiously, if there are prepackage scripts for both, and there's less to 'mange' with PHP, that's a PHP win. I personally have CalendarTag, ZDataQueryKit and lots of yummy others runing from the downloads page. But since I'm trying to convince PHP people that using Zope is better, they

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Jason Spisak
Dirk, Thanks for that. By 'separation' I'm assuming you mean ZPT, correct? I'm new to that, but the virtues seem to be simple edit and save for layout folks. With PHP, you can create forms to publish content. You don't have to give content mamagers PHP. Zope's a win for Designers, for

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Lennart Regebro
From: Jason Spisak [EMAIL PROTECTED] I think Oliver's point about transaction safety is a big win. I might convince them just on that. But I'm still looking for more ammunition. Basic things from the top of my head: - Full OO = short development time = cheaper development. - Integrated

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Jason Spisak
Thanks Lennart, There is OO php now, which they seem to enjoy. ugh The audited security is something I believe is big win. The quickness and efficiency of Zope Corp's (still calling them DC in my head) Zope security patching is outstanding. The community really shines there. With

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Jason Spisak
Dirk, One more quick question about application/business logic in one place and layout in another. Looking at ZPT, I still see expressions and condition statements in the Templates themselves. That's not really separation, it's just making it work with HTML editing tools. I'm curious is

Re: [Zope-dev] Ordered Folder (was: Speaking of 2.6...)

2002-04-23 Thread Joachim Werner
OrderedFolder is not about having an ordered default view in the management interface. The point is that people want to build menus or web pages that consist of several objects in a folder, using objectValues()/objectIds(). Without OrderedFolder or a similar approach it is very hard to position

Re: [Zope-dev] PHP vs Zope cost benefit

2002-04-23 Thread Jason Spisak
To everyone who replied to this thread, I give a hearty congratulatory Thank you. They have decided to allow me to mock up the app in Zope and prove it's worthiness. I'm already halfway done with the first 2 modules. ;-) To recap what turned the tides were these wins: 1. Zope's security

[Zope-dev] Tyring to FTP to Zope running behind firewall, get login box but no directory listing

2002-04-23 Thread Jason Spisak
It would appear that their FTP implementation is not working correctly, when connecting to a Zope FTP system behind a firewall. Zope is running on port 8880 and ftp service works fine from inside the firewall on port 8821. From outside the firewall, I get a login prompt, enter my password,

Re: [Zope-dev] Tyring to FTP to Zope running behind firewall, getlogin box but no directory listing

2002-04-23 Thread Bill Anderson
On Tue, 2002-04-23 at 18:52, Jason Spisak wrote: It would appear that their FTP implementation is not working correctly, when connecting to a Zope FTP system behind a firewall. Zope is running on port 8880 and ftp service works fine from inside the firewall on port 8821. From outside

Re: [Zope-dev] Tyring to FTP to Zope running behind firewall, get login box but no directory listing

2002-04-23 Thread Anthony Baxter
Do not be so quick to conclude that. FTP *has* firewall problems. since I know nothing of the firewall, I can not help in too much detail. ftp connections, by default, go from the ftp server-client for the data connections. the data is carried by a seperate channel, on a randomly numbered