> I think most people missed the point here.  I don't think Rossen
> is asking for help on running zope or getting xml-rpc to work with
> it.  He's observed a "security" problem: he believes the fact that
> a traceback including path names is included in the error response
> is a security exposure.  This has been discussed on zope-dev before,
> but the fact remains that the security community *does* treat
> exposure of filesystem path information as a security issue.

Right. There is already code for Zope 2.6 and Zope 3 that 
addresses this. Shane's new traceback formatting makes the 
trace information far more readable in addition to removing 
filesystem path information.

Brian Lloyd        [EMAIL PROTECTED]
V.P. Engineering   540.361.1716       
Zope Corporation   http://www.zope.com

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to