Re: [Zope-dev] Speaking of 2.6...

2002-04-22 Thread Toby Dickenson
On Wed, 17 Apr 2002 17:54:12 -0600, Jeffrey P Shell [EMAIL PROTECTED] wrote: On 4/17/02 9:56 AM, Gary Poster [EMAIL PROTECTED] wrote: If folks still want OrderedFolder (or, at least ordering capability) in the core I'm still willing to help with that. For add-to-the-core functionality, I'll

Re: [Zope-dev] Speaking of 2.6...

2002-04-18 Thread Chris Withers
Anthony Baxter wrote: deliberately-trolling-for-ChrisW-ly yrs, :-P Chris - stay in the stone age, I hear they have fire there ;-) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or

Re: [Zope-dev] Speaking of 2.6...

2002-04-18 Thread Anthony Baxter
Chris - stay in the stone age, I hear they have fire there ;-) mmm. fre pretty. Page Templates burn, don't dey. Be a shame if somefing was to happen to your nice shiny website. Anthony, who might have been spending too long in the bad places of SQL.

Re: [Zope-dev] Speaking of 2.6...

2002-04-18 Thread Chris Withers
Anthony Baxter wrote: Anthony, who might have been spending too long in the bad places of SQL. Maybe getting hooked back on the PHP too? I saw ya, that dodgy bloke in the street, money changing hands... *grinz* Chris ___ Zope-Dev maillist -

RE: [Zope-dev] Speaking of 2.6...

2002-04-17 Thread Stefan H. Holek
At 17.04.2002 10:57 -0400, Brian Lloyd wrote: From the Zen of Python: Explicit is better than implicit. We've been trying hard to adopt this bit of Zen. If you write REQUEST.set, you can look at it and easily see what is happening. Same with SESSION.set. If you're looking at dtml-set... as a

RE: [Zope-dev] Speaking of 2.6...

2002-04-17 Thread Dan L. Pierson
--On Wednesday, April 17, 2002 11:48:12 AM -0400 Brian Lloyd [EMAIL PROTECTED] wrote: We've already learned the hard way that the existing SiteRoots and VirtualHostMonsters etc. confuse people. This is partly due to under-documentation, but it is also partly because of the here, we'll

Re: [Zope-dev] Speaking of 2.6...

2002-04-17 Thread Chris Withers
Lennart Regebro wrote: Yup. Therefore I think that the host monster shouldn't be included. VHF should supercede it. If backwards compatibility is desired, add warning messages for usage and remove the VHM from the add box, but continue to include it in the code. :-) Just as a passing

Re: [Zope-dev] Speaking of 2.6...

2002-04-17 Thread Jeffrey P Shell
On 4/17/02 9:56 AM, Gary Poster [EMAIL PROTECTED] wrote: On Wednesday 17 April 2002 11:48 am, Brian Lloyd wrote: Ok :) As far as vetting virtual host folder, my concerns boil down to: a. dependency / requirement for ordered folder b. having yet another virtual host thing in the

Re: [Zope-dev] Speaking of 2.6...

2002-04-17 Thread Anthony Baxter
Brian Lloyd wrote We've been trying hard to adopt this bit of Zen. If you write REQUEST.set, you can look at it and easily see what is happening. Same with SESSION.set. The other reason why I made SESSION all shouty-caps in SQLSession[*] is to make it _very_ obvious when it's being used.

Re: [Zope-dev] Speaking of 2.6...

2002-04-17 Thread Anthony Baxter
Toby Dickenson wrote Do you remember what we had to type to achieve the equivalent of dtml-let, before dtml-let was introduced? That *was* horrible. gee, I dunno... dtml-with _.namespace(name='foo') /dtml-with has a sort of charm to it. sheesh, it's still not as ugly as ZPT.

Re: [Zope-dev] Speaking of 2.6...

2002-04-17 Thread Evan Simpson
Lennart Regebro wrote: There is an alternative, and that is to clean up the enhanced enhanced virtual host monster we at Torped have done. It's based on sfm@imemes enhanced VHM and just like VHF is makes it possible to have standalone virtual hosting without strange apache magic. We

RE: [Zope-dev] Speaking of 2.6...

2002-04-16 Thread Brian Lloyd
...I sent out a note a while ago now trying to scare up some ideas on how to vet the current list of 2.6 proposals and get to a final plan. I didn't get much (any?) response :( I am, as the author of the dtml-set tag, of course willing to commit to the implementation of this tag

Re: [Zope-dev] Speaking of 2.6...

2002-04-16 Thread Gary Poster
On Tuesday 16 April 2002 03:44 pm, Brian Lloyd wrote: ...I sent out a note a while ago now trying to scare up some ideas on how to vet the current list of 2.6 proposals and get to a final plan. I didn't get much (any?) response :( By the way, Brian, if I can with the remaining amount of

Re: [Zope-dev] Speaking of 2.6...

2002-04-16 Thread Janko Hauser
On Tue, 9 Apr 2002 13:47:49 -0400 Brian Lloyd [EMAIL PROTECTED] wrote: ...I sent out a note a while ago now trying to scare up some ideas on how to vet the current list of 2.6 proposals and get to a final plan. I didn't get much (any?) response :( Hello Brian, just to give some feedback

Re: [Zope-dev] Speaking of 2.6...

2002-04-15 Thread Ivo van der Wijk
On Tue, Apr 09, 2002 at 01:47:49PM -0400, Brian Lloyd wrote: ...I sent out a note a while ago now trying to scare up some ideas on how to vet the current list of 2.6 proposals and get to a final plan. I didn't get much (any?) response :( I am, as the author of the dtml-set tag, of course

Re: Support for X-HTTPD-FORWARDED-FOR Re: [Zope-dev] Speaking of 2.6...

2002-04-11 Thread Toby Dickenson
On Wed, 10 Apr 2002 12:16:35 -0400, Jim Washington [EMAIL PROTECTED] wrote: 2. If we want to get fancy about allowing authentication using that ip address like naked ZServers can do, to if request.has_key('HTTP_X_FORWARDED_FOR'): addr=request['HTTP_X_FORWARDED_FOR'] elif

RE: [Zope-Coders] Re: [Zope-dev] Speaking of 2.6...

2002-04-10 Thread Brian Lloyd
The idea is to allow user to specify several points of presence (pop) for an object. Does this break security? Probably yes, but in what case? If an object from higly secure envionment appeared somewhere in Anonymous zone, what then? Yes, Anonymous is able to alter object. But there was

Re: [Zope-Coders] Re: [Zope-dev] Speaking of 2.6...

2002-04-10 Thread Toby Dickenson
On Wed, 10 Apr 2002 01:30:56 +0300, Myroslav Opyr [EMAIL PROTECTED] wrote: Is Anonymous able to get out of the shared object to secure environment? User X is designated as a manager of folder /Xfolder. In todays Zope /Xfolder is a secure environment He has no authority over objects outside

Re: [Zope-Coders] Re: [Zope-dev] Speaking of 2.6...

2002-04-10 Thread Mario Valente
At 01:30 10-04-2002 +0300, Myroslav Opyr wrote: Ok. Let's find out what we have and what we want. First of all we have strict hierarchy in ZODB where each object appears only once in the tree. Thus to access to an object it is only one way from root down to an object through containers. The

RE: [Zope-Coders] Re: [Zope-dev] Speaking of 2.6...

2002-04-10 Thread Mario Valente
At 10:06 10-04-2002 -0400, Brian Lloyd wrote: What is wrong with leaving this as an add-on product? Why does it _need_ to be a part of the core at all? Useful products are useful, whether or not they come with Zope, and there are plenty of very useful products that don't come built in. I

Re: [Zope-Coders] Re: [Zope-dev] Speaking of 2.6...

2002-04-10 Thread Mario Valente
At 15:12 10-04-2002 +0100, Toby Dickenson wrote: User X is designated as a manager of folder /Xfolder. In todays Zope /Xfolder is a secure environment He has no authority over objects outside that folder, thanks to aq_inContextOf Can he create links to objects outside that folder? No, he

Support for X-HTTPD-FORWARDED-FOR Re: [Zope-dev] Speaking of 2.6...

2002-04-10 Thread Jim Washington
Support for X-HTTPD-FORWARDED-FOR Code for this is pretty simple: modify 2 files, ZServer/medusa/http_server.py and lib/python/AccessControl/User.py 1. To put the proxy-passed ip address in the zserver log, Around line 269 in ZServer/medusa/http_server.py, add a method

Re: Support for X-HTTPD-FORWARDED-FOR Re: [Zope-dev] Speaking of 2.6...

2002-04-10 Thread Oliver Bleutgen
Jim Washington wrote: 2. If we want to get fancy about allowing authentication using that ip address like naked ZServers can do, In lib/python/AccessControl/User.py, around line 1116, change if request.has_key('REMOTE_ADDR'): addr=request['REMOTE_ADDR'] to if

Re: Support for X-HTTPD-FORWARDED-FOR Re: [Zope-dev] Speaking of 2.6...

2002-04-10 Thread Jim Penny
On Wed, Apr 10, 2002 at 06:59:38PM +0200, Oliver Bleutgen wrote: Jim Washington wrote: 2. If we want to get fancy about allowing authentication using that ip address like naked ZServers can do, In lib/python/AccessControl/User.py, around line 1116, change if

Re: [Zope-Coders] Re: [Zope-dev] Speaking of 2.6...

2002-04-09 Thread Myroslav Opyr
Brian Lloyd wrote: Both me and Myroslav Opyr [EMAIL PROTECTED] are quite commited to do the proposed Object Links/References. Although from the emails we exchanged with you, I would've guessed that it was one of the controversial enough to be a Vetted item :-) Anyways I'm commited to do