Re: [Zope3-dev] X-zope-handle-errors header
Stephan Richter wrote: On Thursday 19 January 2006 13:36, Chris Withers wrote: What does setting this header actually do? It sets the handle_errors argument of the publish function to false. It is the only way we can communicate from functional tests to the publisher. At a higher level, what does that mean? How does Zope behave differently if this header is set? Trust me, I explored several possibilities. I don't doubt it, but I suspect zope.conf will need to grow and option to disable this behaviour on production servers... Chris -- Simplistix - Content Management, Zope Python Consulting - http://www.simplistix.co.uk ___ Zope3-dev mailing list Zope3-dev@zope.org Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com
Re: [Zope3-dev] X-zope-handle-errors header
Stephan Richter wrote: On Thursday 01 December 2005 09:28, Chris Withers wrote: Do we want Zope to always respond to this header? Yes, it's helpful for testing, but surely it risks information disclosure vulnerabilities or worse if used on a production application? The user would receive no useful information, since he would only get a SystemError page that contains null information. Sorry, I'm obviously misunderstand how this header works.. What does setting this header actually do? cheers, Chris -- Simplistix - Content Management, Zope Python Consulting - http://www.simplistix.co.uk ___ Zope3-dev mailing list Zope3-dev@zope.org Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com
Re: [Zope3-dev] X-zope-handle-errors header
On Thursday 01 December 2005 09:28, Chris Withers wrote: Do we want Zope to always respond to this header? Yes, it's helpful for testing, but surely it risks information disclosure vulnerabilities or worse if used on a production application? The user would receive no useful information, since he would only get a SystemError page that contains null information. Regards, Stephan -- Stephan Richter CBU Physics Chemistry (B.S.) / Tufts Physics (Ph.D. student) Web2k - Web Software Design, Development and Training ___ Zope3-dev mailing list Zope3-dev@zope.org Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com
[Zope3-dev] X-zope-handle-errors header
Hi All, Do we want Zope to always respond to this header? Yes, it's helpful for testing, but surely it risks information disclosure vulnerabilities or worse if used on a production application? cheers, Chris -- Simplistix - Content Management, Zope Python Consulting - http://www.simplistix.co.uk ___ Zope3-dev mailing list Zope3-dev@zope.org Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com
