Re: [Zope] Hooks for methods other than GET/POST on port 80?
Chris Withers wrote: Roman Susi wrote: Not sure if filesystem based products qualify, but its like saying that ´is it operating system problem or stupid application code which brings OS down'. One misbehaving code should not bring down the whole framework, IMHO. What is the issue number for this in the zope collector? 1964 Chris ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Hooks for methods other than GET/POST on port 80?
Roman Susi wrote: Not sure if filesystem based products qualify, but its like saying that ´is it operating system problem or stupid application code which brings OS down'. One misbehaving code should not bring down the whole framework, IMHO. What is the issue number for this in the zope collector? Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Hooks for methods other than GET/POST on port 80?
--On 10. Dezember 2005 10:36:16 +0200 Roman Susi <[EMAIL PROTECTED]> wrote: Not sure if filesystem based products qualify, but its like saying that ´is it operating system problem or stupid application code which brings OS down'. One misbehaving code should not bring down the whole framework, IMHO. Tell me any application or framewokr that you can't bring down with stupid code :-) In this point Zope is neither better nor worse than any other system. -aj pgprpdIj93fHy.pgp Description: PGP signature ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Hooks for methods other than GET/POST on port 80?
Andreas Jung wrote: > > > --On 9. Dezember 2005 15:33:38 +0200 Roman Susi <[EMAIL PROTECTED]> wrote: > >> >> Hi! >> >> I've found the reason for original bug I hit. The recursion was in my >> code (and gone away after I corrected it). However, the bug I reported to >> Zope.org is still there. >> I think its a bug to freeze the whole server by maximum-recursion-reached >> error in a product... > > > There is always a chance to bring Zope down by writing bad code. But I > still do not understand if this is really a Zope problem or just an > example of stupid code. Not sure if filesystem based products qualify, but its like saying that ´is it operating system problem or stupid application code which brings OS down'. One misbehaving code should not bring down the whole framework, IMHO. > > -aj Regards, Roman ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Hooks for methods other than GET/POST on port 80?
--On 9. Dezember 2005 15:33:38 +0200 Roman Susi <[EMAIL PROTECTED]> wrote: Hi! I've found the reason for original bug I hit. The recursion was in my code (and gone away after I corrected it). However, the bug I reported to Zope.org is still there. I think its a bug to freeze the whole server by maximum-recursion-reached error in a product... There is always a chance to bring Zope down by writing bad code. But I still do not understand if this is really a Zope problem or just an example of stupid code. -aj pgpcVHysRgaA9.pgp Description: PGP signature ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Hooks for methods other than GET/POST on port 80?
Andreas Jung wrote: --On 9. Dezember 2005 08:04:04 +0200 Roman Susi <[EMAIL PROTECTED]> wrote: Chris Withers wrote: Roman Susi wrote: Even if it is in my code, it is still too bad to get down the whole Zope server. Also, it was confirmed as a bug. Where and who by? At Zope.org issue tracker by ajung. However, it is not seen as it is security related. I did not confirm it as bug. I said that it is possibly a bug but nothing that worries me so much. -aj Hi! I've found the reason for original bug I hit. The recursion was in my code (and gone away after I corrected it). However, the bug I reported to Zope.org is still there. I think its a bug to freeze the whole server by maximum-recursion-reached error in a product... Regards, Roman ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Hooks for methods other than GET/POST on port 80?
--On 9. Dezember 2005 08:04:04 +0200 Roman Susi <[EMAIL PROTECTED]> wrote: Chris Withers wrote: Roman Susi wrote: Even if it is in my code, it is still too bad to get down the whole Zope server. Also, it was confirmed as a bug. Where and who by? At Zope.org issue tracker by ajung. However, it is not seen as it is security related. I did not confirm it as bug. I said that it is possibly a bug but nothing that worries me so much. -aj pgp7yU5ll28wi.pgp Description: PGP signature ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Hooks for methods other than GET/POST on port 80?
Chris Withers wrote: Roman Susi wrote: Even if it is in my code, it is still too bad to get down the whole Zope server. Also, it was confirmed as a bug. Where and who by? At Zope.org issue tracker by ajung. However, it is not seen as it is security related. Chris ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Hooks for methods other than GET/POST on port 80?
Roman Susi wrote: Even if it is in my code, it is still too bad to get down the whole Zope server. Also, it was confirmed as a bug. Where and who by? Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Hooks for methods other than GET/POST on port 80?
Chris Withers wrote: (please keep the list CC'ed in) Roman Susi wrote: What do you mean by freezes? how did you cause this to happen? Surely, this is not only a bug but a security issue leading to DOS attack, IMHO. Well, it's a pretty weird use case from what I can see... Still, it is unclear why it happens... Traceback (most recent call last): File "/usr/local/lib/python2.3/logging/__init__.py", line 674, in emit msg = self.format(record) File "/usr/local/lib/python2.3/logging/__init__.py", line 567, in format return fmt.format(record) File "/usr/local/lib/python2.3/logging/__init__.py", line 369, in format s = s + self.formatException(record.exc_info) File "/usr/local/lib/python2.3/logging/__init__.py", line 342, in formatException traceback.print_exception(ei[0], ei[1], ei[2], None, sio) File "/usr/local/lib/python2.3/traceback.py", line 123, in print_exception print_tb(tb, limit, file) File "/usr/local/lib/python2.3/traceback.py", line 68, in print_tb line = linecache.getline(filename, lineno) File "/usr/local/lib/python2.3/linecache.py", line 14, in getline lines = getlines(filename) RuntimeError: maximum recursion depth exceeded We need more of the traceback, there is no repeating part here so it's impossible to see what's causing the infinite recursion... I am not sure how to get the whole traceback... Well, where did you see the above? In the log. Chris, could you put this into Zope issue tracker (with security tick as I do not want to make this info public right now)? (I've tried but I do not have an account there..) No, there's nothing stopping you registering at zope.org and doing this yourself. Furhtermore, I'd guess this is likely a bug in your code and nothing to do with Zope ;-) (of course, I could be wrong on that, but I haven't seen any evidence yet) Even if it is in my code, it is still too bad to get down the whole Zope server. Also, it was confirmed as a bug. cheers, Chris Regards, Roman ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Hooks for methods other than GET/POST on port 80?
(please keep the list CC'ed in) Roman Susi wrote: What do you mean by freezes? how did you cause this to happen? Surely, this is not only a bug but a security issue leading to DOS attack, IMHO. Well, it's a pretty weird use case from what I can see... Traceback (most recent call last): File "/usr/local/lib/python2.3/logging/__init__.py", line 674, in emit msg = self.format(record) File "/usr/local/lib/python2.3/logging/__init__.py", line 567, in format return fmt.format(record) File "/usr/local/lib/python2.3/logging/__init__.py", line 369, in format s = s + self.formatException(record.exc_info) File "/usr/local/lib/python2.3/logging/__init__.py", line 342, in formatException traceback.print_exception(ei[0], ei[1], ei[2], None, sio) File "/usr/local/lib/python2.3/traceback.py", line 123, in print_exception print_tb(tb, limit, file) File "/usr/local/lib/python2.3/traceback.py", line 68, in print_tb line = linecache.getline(filename, lineno) File "/usr/local/lib/python2.3/linecache.py", line 14, in getline lines = getlines(filename) RuntimeError: maximum recursion depth exceeded We need more of the traceback, there is no repeating part here so it's impossible to see what's causing the infinite recursion... I am not sure how to get the whole traceback... Well, where did you see the above? Chris, could you put this into Zope issue tracker (with security tick as I do not want to make this info public right now)? (I've tried but I do not have an account there..) No, there's nothing stopping you registering at zope.org and doing this yourself. Furhtermore, I'd guess this is likely a bug in your code and nothing to do with Zope ;-) (of course, I could be wrong on that, but I haven't seen any evidence yet) cheers, Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Hooks for methods other than GET/POST on port 80?
Roman Susi wrote at 2005-12-5 16:51 +0200: >Dieter Maurer wrote: > ... >This is what freezes Zope: > >Traceback (most recent call last): > > File "/usr/local/lib/python2.3/traceback.py", line 68, in print_tb >line = linecache.getline(filename, lineno) > File "/usr/local/lib/python2.3/linecache.py", line 14, in getline >lines = getlines(filename) >RuntimeError: maximum recursion depth exceeded I know of an error in Python's "linecache.py". I am not sure whether this error causes an infinite recursion. I doubt it. Instead, it probably raised another exception but maybe that triggers the recursion in your application. The error I know is caused by an inconsistent filename in the "*.pyc" file. Usually, this filename is absolute, but in some cases can be relative in a funny (not yet understood way) and later confuse Python. The problem I know disappeared when I deleted all "*.pyc" files. -- Dieter ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Hooks for methods other than GET/POST on port 80?
Roman Susi wrote: This is what freezes Zope: What do you mean by freezes? how did you cause this to happen? Traceback (most recent call last): File "/usr/local/lib/python2.3/logging/__init__.py", line 674, in emit msg = self.format(record) File "/usr/local/lib/python2.3/logging/__init__.py", line 567, in format return fmt.format(record) File "/usr/local/lib/python2.3/logging/__init__.py", line 369, in format s = s + self.formatException(record.exc_info) File "/usr/local/lib/python2.3/logging/__init__.py", line 342, in formatException traceback.print_exception(ei[0], ei[1], ei[2], None, sio) File "/usr/local/lib/python2.3/traceback.py", line 123, in print_exception print_tb(tb, limit, file) File "/usr/local/lib/python2.3/traceback.py", line 68, in print_tb line = linecache.getline(filename, lineno) File "/usr/local/lib/python2.3/linecache.py", line 14, in getline lines = getlines(filename) RuntimeError: maximum recursion depth exceeded We need more of the traceback, there is no repeating part here so it's impossible to see what's causing the infinite recursion... Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Hooks for methods other than GET/POST on port 80?
Dieter Maurer wrote: > Roman Suzi wrote at 2005-12-3 21:56 +0200: > >>I am looking for a way in Zope to receive HTTP-requests with, eg, >>DELETE and PUT in the object method. Zope (2.7.x) seems to intercept these and >>issue "Not authorised". > > > "DELETE" and "PUT" are WebDAV methods (and defined in > "webdav.Resource.Resouce"). > > You have the usual hook: override the definition in your class. > Do not forget to assign a new permission to your new method definitions > (otherwise, the 'Unauthorized' will remain). > This is what freezes Zope: Traceback (most recent call last): File "/usr/local/lib/python2.3/logging/__init__.py", line 674, in emit msg = self.format(record) File "/usr/local/lib/python2.3/logging/__init__.py", line 567, in format return fmt.format(record) File "/usr/local/lib/python2.3/logging/__init__.py", line 369, in format s = s + self.formatException(record.exc_info) File "/usr/local/lib/python2.3/logging/__init__.py", line 342, in formatException traceback.print_exception(ei[0], ei[1], ei[2], None, sio) File "/usr/local/lib/python2.3/traceback.py", line 123, in print_exception print_tb(tb, limit, file) File "/usr/local/lib/python2.3/traceback.py", line 68, in print_tb line = linecache.getline(filename, lineno) File "/usr/local/lib/python2.3/linecache.py", line 14, in getline lines = getlines(filename) RuntimeError: maximum recursion depth exceeded Regards, Roman Suzi ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Hooks for methods other than GET/POST on port 80?
Dieter Maurer wrote: Roman Suzi wrote at 2005-12-3 21:56 +0200: I am looking for a way in Zope to receive HTTP-requests with, eg, DELETE and PUT in the object method. Zope (2.7.x) seems to intercept these and issue "Not authorised". "DELETE" and "PUT" are WebDAV methods (and defined in "webdav.Resource.Resouce"). You have the usual hook: override the definition in your class. Do not forget to assign a new permission to your new method definitions (otherwise, the 'Unauthorized' will remain). Advice taken, thanks. However, when I tried to do it and Zope freezes (that is, the whole Zope server freezes!). never saw anything like that before... After restarting Zope the same thing happened again. Probably it's a bug. Roman Suzi ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Hooks for methods other than GET/POST on port 80?
Roman Suzi wrote at 2005-12-3 21:56 +0200: >I am looking for a way in Zope to receive HTTP-requests with, eg, >DELETE and PUT in the object method. Zope (2.7.x) seems to intercept these and >issue "Not authorised". "DELETE" and "PUT" are WebDAV methods (and defined in "webdav.Resource.Resouce"). You have the usual hook: override the definition in your class. Do not forget to assign a new permission to your new method definitions (otherwise, the 'Unauthorized' will remain). -- Dieter ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Hooks for methods other than GET/POST on port 80?
Tino Wildenhain wrote: >Am Samstag, den 03.12.2005, 21:56 +0200 schrieb Roman Suzi: > > >>Hi! >> >> >> >... > > >>DELETE /path/to/object/X/Y HTTP/1.1 >>Host: myhost.myorg.org >>Content-Type: application/myprotocol+xml >> >>Of course, I have a product Z which has this class: >> >>class Z: >>... >> >>def Y(self, REQUEST): >>if REQUEST.REQUEST_METHOD == 'POST': >> # no problem >>elif REQUEST.REQUEST_METHOD == 'DELETE': >> # this is never reached... Zope doesnt call Y >> >> >>What do I tweak so object X will receive Y on a usual HTTP port 80? >>THANKS! >> >> > >It seems you want the action and not the original request. > >When you use if ... why not just define >manage_delObjects on your class? > > No, I want to control whatever is done. That is, I want to intercept that request. >This works for PUT and most other request types >as well. > >HTH >Tino > > ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Hooks for methods other than GET/POST on port 80?
Am Samstag, den 03.12.2005, 21:56 +0200 schrieb Roman Suzi: > Hi! > ... > DELETE /path/to/object/X/Y HTTP/1.1 > Host: myhost.myorg.org > Content-Type: application/myprotocol+xml > > Of course, I have a product Z which has this class: > > class Z: > ... > > def Y(self, REQUEST): > if REQUEST.REQUEST_METHOD == 'POST': > # no problem > elif REQUEST.REQUEST_METHOD == 'DELETE': > # this is never reached... Zope doesnt call Y > > > What do I tweak so object X will receive Y on a usual HTTP port 80? > THANKS! It seems you want the action and not the original request. When you use if ... why not just define manage_delObjects on your class? This works for PUT and most other request types as well. HTH Tino ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Hooks for methods other than GET/POST on port 80?
Hi! I am looking for a way in Zope to receive HTTP-requests with, eg, DELETE and PUT in the object method. Zope (2.7.x) seems to intercept these and issue "Not authorised". (I check REQUEST.REQUEST_METHOD to decide what to do in the object's method. POST and GET are fine, but others are blocked in Zope.) I do not want to do it "the right way" and create special kind of ZServer (like for WebDAV), I just want Zope to let me decide what to do if certain method is requested from a certain method of an object. An example. I want object X to receive a message Y with request method DELETE. This is the raw thing the server need to receive: DELETE /path/to/object/X/Y HTTP/1.1 Host: myhost.myorg.org Content-Type: application/myprotocol+xml Of course, I have a product Z which has this class: class Z: ... def Y(self, REQUEST): if REQUEST.REQUEST_METHOD == 'POST': # no problem elif REQUEST.REQUEST_METHOD == 'DELETE': # this is never reached... Zope doesnt call Y What do I tweak so object X will receive Y on a usual HTTP port 80? THANKS! Sincerely yours, Roman Suzi -- [EMAIL PROTECTED] =\= My AI powered by GNU/Linux RedHat 7.3 ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )