Re: [Zope-dev] RE: [Zope] ZDESIGN IDEAS = How to improve 'manage'?

2001-01-09 Thread Ken Manheimer

[This thread should not be crossposted to both mailing lists.  I'm
following up to zope-dev, and will post a note to zope saying I did so.
In general, please do *not* cross-post - it's almost never justified,
certainly isn't in this case.]

On Tue, 9 Jan 2001, Mohan Baro wrote:

> My view is that as a sysadmin, I'd rather give ZOPE superuser/manager the
> ability to install products through ZOPE, rather than giving them access to the
> OS.

The point is that giving web-access visitors the ability to install
products inherently gives them total OS/filesystem access, with the
authority of the account that is running zope.  As things stand, you can
give out web access *without* this OS/FS exposure - you're talking about
eliminating the discretion.

> Another view I have is that I do not want my developers to think about which
> platform they are working on.

This convenience will be at the cost of risk.  If you're willing to take
the risk, products that give filesystem and command access will give that
to you.  (Is local filesystem access what LocalFS does?)  Zope shouldn't
_force_ you to be exposed to that risk, just because some people want the
convenience.

> ZOPE runs on a variety of OSes and each one of them has their own way of
> providing file/directory security (or no security, Win9x). Zope should rely
> on its own security for its products.

... overriding the discretion of the system administrators?  Not
proper.  System administrators should have the choice - if they don't,
they'll refuse to run zope in droves - and well they ought to refuse.

Ken Manheimer
[EMAIL PROTECTED]



___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )




[Zope-dev] RE: [Zope] ZDESIGN IDEAS = How to improve 'manage' ?

2001-01-09 Thread Mohan Baro

My view is that as a sysadmin, I'd rather give ZOPE superuser/manager the
ability to install products through ZOPE, rather than giving them access to the
OS.

Another view I have is that I do not want my developers to think about which
platform they are working on.

ZOPE runs on a variety of OSes and each one of them has their own way of
providing file/directory security (or no security, Win9x). Zope should rely
on its own security for its products.

..IMHO

Mohan



-Original Message-
From: Martijn Pieters [mailto:[EMAIL PROTECTED]]On Behalf Of Martijn
Pieters
Sent: Tuesday, January 09, 2001 9:42 AM
To: Mohan Baro
Cc: Jason Cunliffe; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Zope] ZDESIGN IDEAS = How to improve 'manage' ?


On Mon, Jan 08, 2001 at 12:18:37PM -0500, Mohan Baro wrote:
> Are you planning a manage_install for products?
> The ability for superusers to install complete products directly through
> the management interface, no need for ftp.
> similar to import/export feature

I hope not!

Anyone gaining management access to your Zope server will be
able to install arbitrary products on your server and gain access to the
file system.

There is a strict dividing line between the file system and the ZMI,
allowing installation through the web interface will cross that line with
one giant step.

--
Martijn Pieters
| Software Engineer  mailto:[EMAIL PROTECTED]
| Digital Creations  http://www.digicool.com/
| Creators of Zope   http://www.zope.org/
-

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )







[Zope-dev] Re: [Zope] ZDESIGN IDEAS = How to improve 'manage' ?

2001-01-09 Thread Jonas Luster

* Joachim Werner sez:

> Again you are right, but as Zope is really easy to install, I'd guess that it 
> is not only used (and installed) by "uberadmins" who know exactly what they 
> are doing  ...

Hmmm... come to think of it. Zope comes with /Extensions as
drwxrwxr-x and UID='nobody' in z2.py. Unless the admin modifies the
standard setup, he's at least safe from people putting stuff into his
/Extensions.

You're right at a general level, tho. Hmm, wonder if I should write a
Zope-chroot-howto :)

Windoze-Zope-Users, on the other hand... well...

jonas

-- 
Jonas Luster -- http://smurftarget.net (while netwarriors.org is down) -- 
[EMAIL PROTECTED]

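The permission condition the posts above turn on (Extensions and Products must not be writable by the account ZServer runs as, or anyone who can drop a file there gets code execution as that account) is easy to check mechanically. The following is an added example written for this archive page; it is not code from the thread or from Zope. The instance layout (`Extensions`, `Products`, `lib/python` under the instance root), the uid 65534 for 'nobody' and the sample tree it builds are all assumptions; on a real host pass the instance path and the real `id -u`/`id -G` of the Zope account.

```python
"""Audit which Zope instance directories the service account could write to.

Added example for this thread; not code from the thread or from Zope.
It checks the condition discussed above: the directories Zope loads code
from (Extensions for External Methods, Products for Products) must not be
writable by the uid/gid that ZServer actually runs as.  Instance layout,
uid and group list are supplied by the caller; nothing here is a Zope
default.
"""
import os
import stat
import tempfile
from typing import Iterable, List, Tuple

# Relative directories a Zope 2 instance loads code from (assumed layout).
CODE_DIRS = ("Extensions", "Products", "lib/python")


def writable_by(mode: int, owner_uid: int, owner_gid: int,
                uid: int, gids: Iterable[int]) -> bool:
    """True if a process running as uid/gids could write, by mode bits alone.

    Classic Unix rule: owner bits apply if uid matches, else group bits if
    the file's group is one of the process's groups, else the other bits.
    uid 0 is treated as always able to write.  ACLs are not considered.
    """
    if uid == 0:
        return True
    if owner_uid == uid:
        return bool(mode & stat.S_IWUSR)
    if owner_gid in set(gids):
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def audit_code_dirs(instance_root: str, uid: int, gids: Iterable[int],
                    dirs: Tuple[str, ...] = CODE_DIRS) -> List[Tuple[str, str]]:
    """Walk each code directory and return (path, reason) findings.

    A writable directory lets the service account drop a new External
    Method or Product; a writable file lets it alter code Zope already
    trusts; a symlink is reported because it may point outside the tree.
    """
    gids = set(gids)
    findings: List[Tuple[str, str]] = []
    for rel in dirs:
        top = os.path.join(instance_root, rel)
        if not os.path.isdir(top):
            continue
        for dirpath, dirnames, filenames in os.walk(top):
            st = os.lstat(dirpath)
            if writable_by(st.st_mode, st.st_uid, st.st_gid, uid, gids):
                findings.append((dirpath, "directory writable by service account"))
            for name in dirnames:
                sub = os.path.join(dirpath, name)
                if os.path.islink(sub):  # os.walk does not descend into these
                    findings.append((sub, "symlink inside code directory"))
            for name in filenames:
                path = os.path.join(dirpath, name)
                fst = os.lstat(path)
                if stat.S_ISLNK(fst.st_mode):
                    findings.append((path, "symlink inside code directory"))
                elif writable_by(fst.st_mode, fst.st_uid, fst.st_gid, uid, gids):
                    findings.append((path, "file writable by service account"))
    return findings


def make_sample_instance() -> str:
    """Build a constructed, throwaway instance tree for demonstration.

    Extensions is deliberately left world-writable (the misconfiguration
    the thread warns about); Products is 0755 with one read-only file.
    """
    root = tempfile.mkdtemp(prefix="zope-audit-")
    ext = os.path.join(root, "Extensions")
    prod = os.path.join(root, "Products")
    os.mkdir(ext)
    os.mkdir(prod)
    init = os.path.join(prod, "__init__.py")
    with open(init, "w") as fh:
        fh.write("# constructed sample file\n")
    os.chmod(ext, 0o777)
    os.chmod(prod, 0o755)
    os.chmod(init, 0o644)
    return root


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else make_sample_instance()
    # 65534 is the conventional 'nobody' uid/gid on many systems (assumption;
    # pass the real ones from `id -u` / `id -G` of the Zope account).
    for path, reason in audit_code_dirs(root, uid=65534, gids=(65534,)):
        print(f"{path}: {reason}")
```

Run it against the real instance root with the uid and groups of the account z2.py switches to; an empty result means the account cannot add or alter anything Zope will import, which is the property the drwxrwxr-x plus nobody setup relies on. Note that the check is relative to that account: a 775 Extensions directory is only safe while Zope's uid and gid are neither the owner nor the group.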




[Zope-dev] Re: [Zope] ZDESIGN IDEAS = How to improve 'manage' ?

2001-01-09 Thread Joachim Werner


> > - You can work with full SSL-encryption, maybe even client certificates.
> >This is much more secure than TELNET or FTP. (Unfortunately, SSH/SCP,
> >while being the "better  TELNET/FTP" is not always an option, and it
> >always opens up more than necessary)
>
> what exactly does SSH open up 'more than necessary'. Sufficient clue on
> admin's side provided?

Of course, "sufficient clue on admin's side provided", you are right. But I 
don't know too many cases of perfectly secure configurations ...

> > - People won't hack together their own solutions for the problem (with
> >LocalFS installed and me having the rights to add LocalFS instances,
> > it would take me not very long to "infiltrate" any Zope server. Just add
> > the "Extensions" folder via LocalFS and upload all you need as External
> > Methods ...)
>
> That requires a few things, if I am not mistaken...
>
> a) ZServer runs as anything but nobody/nogroup and is not
>jail(8)ed/chrooted. If that is the case, well, I'd personally shoot
>the admin responsible for that if something comes up.
>
> b) ${ZOPEROOT}/Extensions allows nobody to write into it - shoot admin.

Again you are right, but as Zope is really easy to install, I'd guess that it 
is not only used (and installed) by "uberadmins" who know exactly what they 
are doing  ...

Joachim





[Zope-dev] Re: [Zope] Re: [Zope-dev] Re: [Zope] ZDESIGN IDEAS = How to improve 'manage' ?

2001-01-09 Thread Jonas Luster

* Joachim Werner sez:

Ok, let me try to understand this one. I am a bit dumb, sorry...

> - You can work with full SSL-encryption, maybe even client certificates.
>This is much more secure than TELNET or FTP. (Unfortunately, SSH/SCP,
>while being the "better  TELNET/FTP" is not always an option, and it
>always opens up more than necessary)

what exactly does SSH open up 'more than necessary'. Sufficient clue on
admin's side provided?

> - People won't hack together their own solutions for the problem (with
>LocalFS installed and me having the rights to add LocalFS instances, it
>would take me not very long to "infiltrate" any Zope server. Just add the
>"Extensions" folder via LocalFS and upload all you need as External
>Methods ...)

That requires a few things, if I am not mistaken... 

a) ZServer runs as anything but nobody/nogroup and is not
   jail(8)ed/chrooted. If that is the case, well, I'd personally shoot
   the admin responsible for that if something comes up.

b) ${ZOPEROOT}/Extensions allows nobody to write into it - shoot admin.

http://www.post1.com/home/ngps is a good way to start securing Zope, the
problem of transmitting passwords in the clear is a big one, but has
been solved at my domains by deploying SecurID-tokens, which might not
be the ultimate solution (lots of stuff I wanted to hide is still
transmitted in the clear) but is a good start.

jonas

-- 
Jonas Luster -- http://smurftarget.net (while netwarriors.org is down) -- 
[EMAIL PROTECTED]





Re: [Zope-dev] Re: [Zope] ZDESIGN IDEAS = How to improve 'manage' ?

2001-01-09 Thread Joachim Werner

On Tuesday 09 January 2001 15:41, Martijn Pieters wrote:
> On Mon, Jan 08, 2001 at 12:18:37PM -0500, Mohan Baro wrote:
> > Are you planning a manage_install for products?
> > The ability for superusers to install complete products directly through
> > the management interface, no need for ftp.
> > similar to import/export feature
>
> I hope not!
>
> Anyone gaining management access to your Zope server will be
> able to install arbitrary products on your server and gain access to the
> file system.
>
> There is a strict dividing line between the file system and the ZMI,
> allowing installation through the web interface will cross that line with
> one giant step.

I think this is a political one. For me, the things that are really valuable 
on a web site are the data and the user information, which both are available 
through the web interface. At least if Zope runs as a user and has its own 
home directory, the additional damage that can be caused by people with file 
system access is not very high. O.k., they can shut down my server. They can 
do that by using "manage_shutdown" from the web anyway. Same with deleting 
all data on the server. IMHO a well-designed "over-the-web" installation 
concept would make Zope MORE secure, not less e.g.:

- You can work with full SSL-encryption, maybe even client certificates.
   This is much more secure than TELNET or FTP. (Unfortunately, SSH/SCP,
   while being the "better  TELNET/FTP" is not always an option, and it
   always opens up more than necessary)

- People won't hack together their own solutions for the problem (with
   LocalFS installed and me having the rights to add LocalFS instances, it
   would take me not very long to "infiltrate" any Zope server. Just add the
   "Extensions" folder via LocalFS and upload all you need as External
   Methods ...)

Cheers,

Joachim.





[Zope-dev] Re: [Zope] ZDESIGN IDEAS = How to improve 'manage' ?

2001-01-09 Thread Martijn Pieters

On Mon, Jan 08, 2001 at 12:18:37PM -0500, Mohan Baro wrote:
> Are you planning a manage_install for products?
> The ability for superusers to install complete products directly through
> the management interface, no need for ftp.
> similar to import/export feature

I hope not! 

Anyone gaining management access to your Zope server will be
able to install arbitrary products on your server and gain access to the
file system. 

There is a strict dividing line between the file system and the ZMI,
allowing installation through the web interface will cross that line with
one giant step.

-- 
Martijn Pieters
| Software Engineer  mailto:[EMAIL PROTECTED]
| Digital Creations  http://www.digicool.com/
| Creators of Zope   http://www.zope.org/
-





[Zope-dev] Re: [Zope] ZDESIGN IDEAS = How to improve 'manage' ?

2001-01-09 Thread Martijn Pieters

On Mon, Jan 08, 2001 at 11:19:36AM -0500, Jason Cunliffe wrote:
> The need to improve the manage interface has grown urgently clear to me
> while using Zope myself, designing for all sorts of community and
> collaborative Zope-based projects, demos for a number of innocent
> bystanders, interested parties and potential clients.
> Zope 'manage' is plain primitive at present.
> 
> Considering the power of Zope, and the real workflow needs of people working
> with it, imho this present lack of thoughtful user interface makes no sense.
> By ignoring these basics, Zope is neglecting a #1 self-promotion
> opportunity - how it runs out of the box, and how quickly one can use it as
> site-planning/design tool. It is quite unproductive now compared to what it
> could/should be.
> 
> I am looking for real help here on how best to improve this...
> 
> Here is a list of features I believe should be default manage screen
> behavior now.
> Please submit your comments and improvements to these improvements:
> 
> KISS
> For those who do not want any added features, there should be an option in
> z2.py or as a manage_config DTML method in "/" or anywhere else in the tree
> to enable or disable 'advanced manage' features.
> 
> ---
> 1. SORT TABLE
> 'manage' needs to presented with basic column listings so one can display
> sort by headings.
> 
> I am not sure if this turns into a CatalogAware Inferno or whether all this
> info is already hidden in the ZODB and could be extracted and cached
> sensibly and quickly. What do you think?
> 
> For example some headings I see a real need for:
> 
> NAME [default now], DATE[created, last modified] SIZE, TYPE[meta-type],
> USER[default=owner], DEPTH, COUNT, CHANGES, PROPERTY, DISPLAY

The created date is not available in the ZODB. Depth I rather not use; you
don't want to wake up a huge subtree (like the Zope.org Members folder)
when determining the depth of a tree.

There has been some discussion about using the 'title' attribute of HTML
tags to add additional mouse-over visible information to objects, I think
a lot of the information fields you describe may have a place in that
field (and not clutter up the view).



> How easy/hard is the above to do?
> Has it already been done?
> What techniques/components exist already to make it happen?
> What needs to be developed?
> How does this affect Zope core?
> What would you like to see when you click on manage?
> What would your clients like to see?

If you check out Zope 2.3 from CVS now, you'll see that a great many
changes have been made to the Zope Management Interface, including some of
the changes you listed, like sorting.

-- 
Martijn Pieters
| Software Engineer  mailto:[EMAIL PROTECTED]
| Digital Creations  http://www.digicool.com/
| Creators of Zope   http://www.zope.org/
-





[Zope-dev] RE: [Zope] ZDESIGN IDEAS = How to improve 'manage' ?

2001-01-08 Thread Mohan Baro

Are you planning a manage_install for products?
The ability for superusers to install complete products directly through
the management interface, no need for ftp.
similar to import/export feature



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jason
Cunliffe
Sent: Monday, January 08, 2001 11:20 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [Zope] ZDESIGN IDEAS = How to improve 'manage' ?


Hello

I am cross posting this because I believe it merits response from both
lists..

The need to improve the manage interface has grown urgently clear to me
while using Zope myself, designing for all sorts of community and
collaborative Zope-based projects, demos for a number of innocent
bystanders, interested parties and potential clients.
Zope 'manage' is plain primitive at present.

Considering the power of Zope, and the real workflow needs of people working
with it, imho this present lack of thoughtful user interface makes no sense.
By ignoring these basics, Zope is neglecting a #1 self-promotion
opportunity - how it runs out of the box, and how quickly one can use it as
site-planning/design tool. It is quite unproductive now compared to what it
could/should be.

I am looking for real help here on how best to improve this...

Here is a list of features I believe should be default manage screen
behavior now.
Please submit your comments and improvements to these improvements:

KISS
For those who do not want any added features, there should be an option in
z2.py or as a manage_config DTML method in "/" or anywhere else in the tree
to enable or disable 'advanced manage' features.

---
1. SORT TABLE
'manage' needs to presented with basic column listings so one can display
sort by headings.

I am not sure if this turns into a CatalogAware Inferno or whether all this
info is already hidden in the ZODB and could be extracted and cached
sensibly and quickly. What do you think?

For example some headings I see a real need for:

NAME [default now], DATE[created, last modified] SIZE, TYPE[meta-type],
USER[default=owner], DEPTH, COUNT, CHANGES, PROPERTY, DISPLAY



NAME should be like now, but one needs to be able to group things more
sensibly, so that upper and lower-case can be ignored.
For example: MYFOLDER, myFolder_config, MyFOLDER_Display could all be
grouped together where they probably belong.

DATE
Fact of the matter is that, during development and very often during normal
life, we need to work on things according to the most recent ordering. This
is also an invaluable way for people on a development team to see what has
been 'happening'. Since Zope is a tool for 'customers who have customers who
have customers...' it means that even after the original site DTML/Python
developers may have gone home, a Zopesite is under development as long as it
is being used and growing. All of those users, especially deserve better
means to see and understand how the site is working and to allow them to
work better together.

SIZE
How big is this thing?
When I look at a graphic is it a thumbnail icon or a hires scan?
What about PDF
What about folders - how to calculate the size of folder?

TYPE
Display objects sorted by TYPE.

USER
Default sorts by Owner, but could also be designed to sort by last user who
accessed the object.

DEPTH
How many levels below this thing? This would only work for Zope folders.
An essential indicator of hidden complexity/importance etc.


COUNT
How many things are contained here? Targeted mainly for Zope Folders to
allow one get a good quick overview of site structure without needing to
click though a lot of trees of nested manage screens.
COUNT could be nicely integrated with DEPTH feature above to make for a more
compact interface.
If the object is not Folder-like, then  COUNT could perhaps be used to
display references or some such. In other words, how many times is this
object referred to explicitly? I realize that dynamic Zopesite references *
acquisition could make this a painful/impossible question. But counting
static references could be very useful.
How should COUNT work with say 'standard_html_header'? hmmm not sure.. My
idea is that at a minimum it could estimate how many references existed
below this part of the ZODB tree.

CHANGES
The idea here is to give a useful indication of objects which have changed.
But when and how?
I really don't have an answer to this...
- perhaps a limited search using UNDO mechanism
- perhaps a simple user ID and date which showed the last person to change
it.

PROPERTY
This one should be easy.. sort and display all objects in 'manage' based on
common property names and values.
For example, have a property called 'status' - values might be 'OK',
'buggy', 'draft', 'approved' etc.
Too many properties and too many values would detract from usefulness
probably, but some pragmatic workflow-oriented values could be very
valuable for ordering and developing Zope projec