[Zope] Safari basic authentication problem
Hi Safari 4.0.2 fails to send an Authorization header to the server when the user is authenticated via basic authentication. This results in all sorts of permission problems. I realise this is not a Zope problem but perhaps I can hack some temporary solution server-side to convince Safari to play along. Header examples: Firefox: 'GET /sweet HTTP/1.1\r\n Host: 192.168.1.75:23190\r\n User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.1) Gecko/20090716 Ubuntu/9.04 (jaunty) Shiretoko/3.5.1\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n Accept-Language: en-us,en;q=0.5\r\nAccept-Encoding: gzip,deflate\r\n Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n Keep-Alive: 300\r\n Connection: keep-alive\r\n Cookie: tree-s="eJzT0MgpMOQKVneEA1dbda4CI67EkgJjLj0AeGcHew"\r\n Authorization: Basic YWRtaW46bG9jYWw=\r\n Cache-Control: max-age=0' Safari: --- 'GET /sweet HTTP/1.1\r\n Host: 192.168.1.75:23190\r\n User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1\r\n Referer: http://192.168.1.75:23190/sweet/pt_editForm\r\n Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\n Accept-Language: en-US\r\n Accept-Encoding: gzip, deflate\r\n Cache-Control: max-age=0\r\n Cookie: __utma=91023834.1699497027.1250064893.1250064893.1250064893.1; __utmb=91023834; __utmc=91023834; __utmz=91023834.1250064893.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); tree-s="eJzTyCkw5NLIKTDiClZ3hANXW3WuAmOuxEQ9AIOOB9Q"\r\n Connection: keep-alive' This thread also discusses the issue: http://plope.com/Members/chrism/safari_3_discards_basic_auth It is fairly simple to replicate - add a Page Template to the root which displays request/AUTHENTICATED_USER and navigate to it (while logged in) with the respective browsers. Hedley ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] How to use ZPT with ad-hoc context?
>> __allow_access_to_unprotected_subobjects__ = 1 > > That indeed works, thanks! > >> You probably should not use that line too often :) > > I would prefer doing it correctly/safely, but is there a way? Because > it even exposes the unprotected subobjects of the acquired objects... > sounds a bit scary to me. I don't know what your use case is, but you could either: 1) Expose attributes through methods on your Adhoc class 2) Use a browser view, which is what I'd do. Hedley ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] How to use ZPT with ad-hoc context?
Daniel Dekany wrote:
> How to create a template context ("here" inside ZPT) that is not an
> object from the ZODB, just a temporary object? This is what I tried:
>
> class AdhocContext(Implicit):
> pt = PageTemplateFile("whatever/path", globals())
> ...
>
> MyZopeProduct:
>
> def whatever(self):
> "Test"
> ctx = AdhocContext().__of__(self)
> return ctx.pt()
>
> The problem I have with this is that I can't access anything in
> AdhocContext from the ZPT because the security manager blocks it (I
> didn't forget to security.declarePublic + document what I wanted to
> access). Is there a simple trick to solve this? (BTW, I will need to
> invoke some Plone macros from that ZPT too... I hope that will just
> work if this security matter is solved.)
>
You don't have to create the page template as an attribute of a class.
You can declare it as a local variable
pt = ZopeTwoPageTemplateFile('template.pt')
and then do
extra_context = {'context': some_context}
html = pt.pt_render(extra_context=extra_context)
The context variable in your template will then be what you want it to be.
If you still encounter security problems then add this line directly
after you declare class AdhocContext
__allow_access_to_unprotected_subobjects__ = 1
You probably should not use that line too often :)
Hedley
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Building a fast, scalable yet small Zope application
I've followed this thread with interest since I have a Zope site with tens of millions of entries in BTrees. It scales well, but it requires many tricks to make it work. Roche Compaan wrote these great pieces on ZODB, Data.fs size and scalability at http://www.upfrontsystems.co.za/Members/roche/where-im-calling-from/catalog-indexes and http://www.upfrontsystems.co.za/Members/roche/where-im-calling-from/fat-doesnt-matter . My own in-house product is similar to GoogleAnalytics. I have to use a cascading BTree structure (a btree of btrees of btrees) to handle the volume. This is because BTrees do slow down the more items they contain. This is not a ZODB limitation or flaw - it is just how they work. My structure allows for fast inserts, but they also allow aggregation of data. So if my lowest level of BTrees store hits for a particular hour in time then the containing BTree always knows exactly how many hits were made in a day. I update all parent BTrees as soon as an item is inserted. The cost of this operation is O(1) for every parent. These are all details but every single one influenced my design. What is important is that you cannot just use the ZCatalog to index tens of millions of items since every index is a single BTree and will thus suffer the larger it gets. So you must roll your own to fit your problem domain. Data warehousing is probably a good idea as well. My problem domain allows me to defer inserts, so I have a queuerunner that commits larger transactions in batches. This is better than lots of small writes. This may of course not fit your model. Familiarize yourself with TreeSets and set operations in Python (union etc.) since those tools form the backbone of catalogueing. Hedley ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Request time grows with memory size
On Mon, Apr 27, 2009 at 12:40 PM, Peter Bengtsson wrote: > What have you done to investigate memory leaks? > What external connectors are you using, like MySQL or LDAP? > It is probably not a memory leak. The graph is what I'd expect in a garbage collection scenario (ie. Python). Hedley ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] zopectl does not terminate
Hi Tres! Thanks for the tips. I managed to get my script running in batches and with manual intervention. When in future I encounter the same problems I'll report back to this thread. Hedley ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] zopectl does not terminate
Hi all I run my script foo.zctl with "zopectl run foo.ctl param1 param2". This script operates on a large ZODB and catches ConflictErrors accordingly. It iterates over a set, updates data and commits the transaction every 100 iterations. But I've noticed two things: 1. ConflictErrors are never fully caught. The show up in the console (this is acceptable I suppose), but my script stops executing on the conflict and does not continue. The zope process stays alive. 2. In the event of no conflict errors my script executes its last line (print 'done') but the process does not always terminate. If I instruct my script to not update the ZODB at all it terminates without problems. I'm running it on a live site with 7 ZEO clients. I've stopped a client (say client 2) so it is not accessed concurrently and run my script with client2/zopectl. It is in fact a Plone site but that should be irrelevant. Thanks for any help Hedley ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
