Re: [Zope] Re: Re: major problems placing authentication on an extranet site-security flaw?

2006-02-15 Thread Chris Withers

michael nt milne wrote:
Chris, back to throwing personal insults eh. 


It's not so much an insult as a statement of fact. Retarded means 
"slower", and given how slow you seem to be to "get" the stuff we're 
discussing, I think the shoe fits. Not necessarily meant as an insult, 
but if you want to take it as such, so be it...



refrain from 'gratuitous insults'. That's just going to turn people
away and harm the cause of Zope.


Some people this community could do without. I have no doubt that you'd 
argue that I am one of those people. I, of course, feel the same about 
you ;-)



I hope you're making sure the "secure" bit is set on those cookies ;-)


I take it this is a joke. 


Okay, so you don't want to bother reading specs either. Great. Go read 
up on the cookie spec, find out what the secure bit of a cookie does...



Plone uses cookie authentication by default.


And Plohn is hideously insecure by default, what's your point?


You can't log in with out that.


Sure you can, chuck ?disable_cookie_auth__=1 on the end of a url that's 
not anonymously accessible...



There are security risks there but
good user education with a strong password policy, no use of 'save
password' facilities and SSL is a start at least.


Good luck, you're gonna need it...


Considering you can't even quote a response correctly, I somehow doubt
that..

Oh come on.


What? Your mail client put >>> in front of your previous post, which 
is faulty for the majority of mail clients used by people on this list.

Fix it.


Fine, don't take our advice, but don't expect help either.


What because I don't take all your advice? That's a bit elitist and
also not good for growing the user base of Zope.


You don't take anyone's advice on this list without bitching and whining 
about it...



And to finish on my problem with IE over SSL, I'll be implementing the
help found here. It's recognised that there are problems and bugs in
IE over SSL:


Your problem will undoubtedly be that access_rule put in by the Plohn 
installer. Remove it, and I'll bet your problems go away. But hey, what 
do I know?



MSIE versions. You can work around these problems by forcing Apache
not to use HTTP/1.1, keep-alive connections or send the SSL close
notify messages to MSIE clients. This can be done by using the
following directive in your SSL-aware virtual host section


So, have you actually followed this advice? What difference has it made?

*sigh*

Chris

--
Simplistix - Content Management, Zope & Python Consulting
   - http://www.simplistix.co.uk

___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )


Re: [Zope] Render image from external method.

2006-02-15 Thread Tino Wildenhain
Jason C. Leach wrote:
> Hi,
> 
> I'm wondering how I can render an image from an external method
> without creating a permanent image object in Zope?  What I have is a
> python script I call in my ZPT.  The python script does some things,
> and calls an external method that returns PNG image data. If I do
> tal:attributes="src python:python_script()" What I get is the string
> containing the PNG image data, but it's not rendered.
> 
> An example of what I get is: 
> 
> Any ideas?  I don't really want to create a permanent image object,
> and I know that will work because I have used it to create thumbnail
> images before.

Yes, you have to link to the image in your HTML code - just like
any other image you see. (Only a small population of browsers
support inline images - and these only really work for fairly small
images - so this isn't an option for you I guess)



If you need parameters to render the image, either put them
into the URL (ZTUtils.make_query() can help here) or
in the SESSION.

Btw, you might be confused by Zope's Image objects which behave
in a dual way. When "called" inside your template, they output
a HTML image-tag with a link to their URL. Accessing the URL
however, produces the binary data of that image.

Regards
Tino


Re: [Zope] how to create a image from PIL and save into the zope database?

2006-02-15 Thread Roman Klesel
Hello Huang,

Allen Huang wrote:
> I've been playing around with python PIL library for a while now
>  
> but I'm confused about how to dynamically generate an image or modify
> an image, create a new image object, and save it back into zope database.
>  
> can someone walk me through the steps?

the example code in the zope book, chapter "Advanced Zope Scripting", section
"Using External Methods" is a working example of how one can generate/modify
images with zope using PIL. It's well documented as well.

Greetings Roman


Re: [Zope] Re: restricting permissions for direct access only

2006-02-15 Thread David




Tres Seaver wrote:


Michael Shulman wrote:
  
  
On 2/15/06, Chris Withers <[EMAIL PROTECTED]> wrote:



  
But... it's still not working for my real site.  I think the issue is
this.  If script1 has proxy role Manager, and script2 has view
permissions set only for Manager, then script1 can call script2, no
problem.  But if script1 instead calls script3, which then calls
script2, it doesn't work unless script3 *also* has proxy role Manager.

  
  Yes, this was a deliberate change made a few major releases ago. I've
never much liked it myself for exactly the reason you describe. I wonder
if anyone who knows could point out why this change was made, I'm sure
the reasons were good...
  


Even if the reasons were good, it would be nice to have an option to
turn it on or off, even if the default is off.  At the very least, it
would be nice if this fact were documented.  (Is it somewhere and I
just missed it?)  It surprised me very much, and it would have
surprised and frustrated me even more if I'd written a site which
worked and then later on decided to split off the functionality of
some private script into a secondary one, unsuspecting that it would
break the proxy roles setup.

  
  
The prior behavior (allowing users to access protected resources "above"
the domain of their user folders) was a security hole caused by a bug,
and was never documented as allowable:  correcting it was a matter for a
rather urgent fix, as it broke the explicitly-documented model.

The fact that folks wrote applications which relied on the hole is
unfortunate;  breaking them is better than leaving the sites built
around the defined model vulnerable to abuse.


Tres.
-

Hi Tres,

I just disagree.  If there's a paranoia with the standard set of roles
then prevent *those* from upward acquisition.  But if I add a role
*specifically* so it can access a common code pool, say like
"/commonPython" and "/commonJavascript" that's available to sub-folders,
probably distinguished by data adapter access to various companies ...
then what's the downside?  The upside is that I don't have to copy one
code improvement across n number of sub-folder instances.


David





Re: [Zope] Importing a ZClass from Zope 2.8.1 to Zope 2.9.0

2006-02-15 Thread Andreas Jung



--On 16 February 2006 02:19:52 + Peter Bengtsson <[EMAIL PROTECTED]> wrote:



Perhaps not a valuable advice but I remember (years ago) that I
couldn't import a ZClass because of something to do with the security
even though I was logged in as root Manager.
I ended up writing an External Method that in turn calls
manage_importObject(file.zexp) and that worked.

I know nothing about Zope 2.9's support for ZClass but wouldn't be
surprised to hear that it's changed a lot.



There were no changes in 2.9.0 as far as I know...except that ZClasses
are deprecated from 2.9.0 on.

-aj






[Zope] how to create a image from PIL and save into the zope database?

2006-02-15 Thread Allen Huang
I've been playing around with python PIL library for a while now

but I'm confused about how to dynamically generate an image or modify an image, create a new image object, and save it back into zope database.

can someone walk me through the steps?
		  


[Zope] Re: Granting access by reading http headers

2006-02-15 Thread Tres Seaver

Marc Schnapp wrote:
> We're running Plone for internal departmental use. I'm going to lock
> down most of the content, requiring a login to view sensitive documents.
> But I also want our Google Mini appliance to crawl all content. The
> problem is that the appliance does not accept cookies. So Plone and Zope
> don't recognize a user account as the crawler attempts to move through
> links.
> 
> I am thinking of granting the Google Mini appliance "transparent" access
> by reading the http headers of incoming requests and granting access if:
>  - the header includes the correct client string
>AND
>  - The IP address of the requesting machine is owned by the Google Mini
> host.
> 
> Questions:
> 
> 1) Is this approach viable? (What are the pitfalls?)
> 
> 2) What python module is consulted to determine access rights when a
> page request is made?
> 
> 2) Is this difficult to implement if one has rudimentary Python skills?
> (Or is there already sample code out there to do something like this? I
> couldn't find any.)

Such a policy would be trivial to implement in using the
ScriptablePlugin within a PluggableAuthenticationService user folder.
Even in a "stock" user folder, if you know the IP of the appliance, you
can create a user and set the "domain" field to that IP, granting it the
roles which allow it to view the site:  as long as nobody else can spoof
that IP, you should be fine.


Tres.
- --
===
Tres Seaver  +1 202-558-7113  [EMAIL PROTECTED]
Palladion Software   "Excellence by Design"http://palladion.com
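
The policy discussed in this thread (client string AND source IP), as an added example that is not part of the original posts and is not Zope or PluggableAuthService code. It assumes a WSGI-style `environ` dict; the addresses, the front-end proxy and the client string are constructed. It shows where the IP comes from when an SSL front-end proxy sits before Zope, and why the client string adds nothing on its own.

```python
import ipaddress

# Constructed values for illustration (documentation address ranges, made-up names).
CRAWLER_IP = ipaddress.ip_address("192.0.2.10")         # assumed appliance address
TRUSTED_PROXIES = {ipaddress.ip_address("192.0.2.1")}   # assumed SSL front-end proxy
CRAWLER_UA_TOKEN = "example-crawler"                    # assumed client string


def effective_client_ip(environ, trusted_proxies=TRUSTED_PROXIES):
    """Return the address the request really came from, or None if unknown.

    REMOTE_ADDR is the TCP peer and is the only value the server observes
    itself. X-Forwarded-For is an ordinary request header: it is honoured
    only when the peer is one of our own proxies, and it is read right to
    left, because the rightmost entries are the ones our proxies appended.
    """
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return None
    if peer not in trusted_proxies:
        return peer  # direct connection: any X-Forwarded-For is ignored
    hops = [h.strip() for h in environ.get("HTTP_X_FORWARDED_FOR", "").split(",")]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None  # missing or malformed header: fail closed
        if addr not in trusted_proxies:
            return addr  # first hop that is not one of our proxies
    return None


def is_crawler(environ):
    """Apply both conditions; the IP check is the one that carries weight."""
    ip = effective_client_ip(environ)
    if ip is None or ip != CRAWLER_IP:
        return False
    # The client string is sent by the requester, so it only narrows the match.
    return CRAWLER_UA_TOKEN in environ.get("HTTP_USER_AGENT", "")


# Constructed sample requests.
SAMPLES = {
    "direct_from_appliance": {
        "REMOTE_ADDR": "192.0.2.10",
        "HTTP_USER_AGENT": "example-crawler/1.0",
    },
    "other_host_claiming_header": {
        "REMOTE_ADDR": "203.0.113.7",
        "HTTP_USER_AGENT": "example-crawler/1.0",
        "HTTP_X_FORWARDED_FOR": "192.0.2.10",
    },
    "appliance_via_proxy": {
        "REMOTE_ADDR": "192.0.2.1",
        "HTTP_USER_AGENT": "example-crawler/1.0",
        "HTTP_X_FORWARDED_FOR": "192.0.2.10",
    },
    "other_host_via_proxy_with_prefilled_header": {
        "REMOTE_ADDR": "192.0.2.1",
        "HTTP_USER_AGENT": "example-crawler/1.0",
        "HTTP_X_FORWARDED_FOR": "192.0.2.10, 203.0.113.7",
    },
    "appliance_ip_wrong_client_string": {
        "REMOTE_ADDR": "192.0.2.10",
        "HTTP_USER_AGENT": "Mozilla/5.0",
    },
    "proxy_without_forwarded_header": {
        "REMOTE_ADDR": "192.0.2.1",
        "HTTP_USER_AGENT": "example-crawler/1.0",
    },
}


def evaluate_samples():
    """Return {sample name: granted?} for the constructed requests."""
    return {name: is_crawler(env) for name, env in SAMPLES.items()}


if __name__ == "__main__":
    for name, granted in evaluate_samples().items():
        print(f"{name:45s} {'grant' if granted else 'deny'}")
```
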


[Zope] Re: restricting permissions for direct access only

2006-02-15 Thread Tres Seaver

Michael Shulman wrote:
> On 2/15/06, Chris Withers <[EMAIL PROTECTED]> wrote:
> 
>>>But... it's still not working for my real site.  I think the issue is
>>>this.  If script1 has proxy role Manager, and script2 has view
>>>permissions set only for Manager, then script1 can call script2, no
>>>problem.  But if script1 instead calls script3, which then calls
>>>script2, it doesn't work unless script3 *also* has proxy role Manager.
>>
>>Yes, this was a deliberate change made a few major releases ago. I've
>>never much liked it myself for exactly the reason you describe. I wonder
>>if anyone who knows could point out why this change was made, I'm sure
>>the reasons were good...
> 
> 
> Even if the reasons were good, it would be nice to have an option to
> turn it on or off, even if the default is off.  At the very least, it
> would be nice if this fact were documented.  (Is it somewhere and I
> just missed it?)  It surprised me very much, and it would have
> surprised and frustrated me even more if I'd written a site which
> worked and then later on decided to split off the functionality of
> some private script into a secondary one, unsuspecting that it would
> break the proxy roles setup.

The prior behavior (allowing users to access protected resources "above"
the domain of their user folders) was a security hole caused by a bug,
and was never documented as allowable:  correcting it was a matter for a
rather urgent fix, as it broke the explicitly-documented model.

The fact that folks wrote applications which relied on the hole is
unfortunate;  breaking them is better than leaving the sites built
around the defined model vulnerable to abuse.


Tres.
- --
===
Tres Seaver  +1 202-558-7113  [EMAIL PROTECTED]
Palladion Software   "Excellence by Design"http://palladion.com


Re: [Zope] Importing a ZClass from Zope 2.8.1 to Zope 2.9.0

2006-02-15 Thread Peter Bengtsson
Perhaps not a valuable advice but I remember (years ago) that I
couldn't import a ZClass because of something to do with the security
even though I was logged in as root Manager.
I ended up writing an External Method that in turn calls
manage_importObject(file.zexp) and that worked.

I know nothing about Zope 2.9's support for ZClass but wouldn't be
surprised to hear that it's changed a lot.

On 2/16/06, Edward Huixquic <[EMAIL PROTECTED]> wrote:
> Hi Zopistas:
>
> I am trying to import into a Zope 2.9.0 installation, a ZClass that lives
> and runs fine in a Zope 2.8.1. I am getting an error which I attach below
> (from my event.log):
>
> What I am getting is a  "ZClassName" does not support this operation.   Does
> any of you have any idea what is going on and, in any case how can I make to
> import that ZClass into the Zope 2.9.0
>
> FYI, the Zope 2.8.1 runs in Fedora Core 4 with python 2.3.5,   the Zope
> 2.9.0 runs on the same machine with Fedora Core 4 but under Python 2.4.2
>
> Thanks in advance for any help and/or suggestions.  Best regards.
>
> Edward.
>
>
> EVENT.LOG print out below:
> --
> 2006-02-15T14:21:53 ERROR Zope.SiteErrorLog
> http://server:8080/Control_Panel/Products/manage_importObject
> Traceback (most recent call last):
>   File
> "/usr/local/Zope-2.9.0/lib/python/ZPublisher/Publish.py",
> line 113, in publish
> request, bind=1)
>   File
> "/usr/local/Zope-2.9.0/lib/python/ZPublisher/mapply.py",
> line 88, in mapply
> if debug is not None: return debug(object,args,context)
>   File
> "/usr/local/Zope-2.9.0/lib/python/ZPublisher/Publish.py",
> line 40, in call_object
> result=apply(object,args) # Type s to step into published object.
>   File
> "/usr/local/Zope-2.9.0/lib/python/OFS/ObjectManager.py",
> line 585, in manage_importObject
> set_owner=set_owner)
>   File
> "/usr/local/Zope-2.9.0/lib/python/OFS/ObjectManager.py",
> line 604, in _importObjectFromFile
> if verify: self._verifyObjectPaste(ob, validate_src=0)
>   File
> "/usr/local/Zope-2.9.0/lib/python/OFS/CopySupport.py", line
> 527, in _verifyObjectPaste
> action = 'manage_main')
> Copy Error:
> Not Supported
> The object Formas does not support this operation.
>
> --
>
>
>


--
Peter Bengtsson,
work www.fry-it.com
home www.peterbe.com
hobby www.issuetrackerproduct.com


Re: [Zope] Render image from external method.

2006-02-15 Thread Peter Bengtsson
On 2/16/06, Jason C. Leach <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm wondering how I can render an image from an external method
> without creating a permanent image object in Zope?  What I have is a
> python script I call in my ZPT.  The python script does some things,
> and calls an external method that returns PNG image data. If I do
> tal:attributes="src python:python_script()" What I get is the string
> containing the PNG image data, but it's not rendered.
>
> An example of what I get is: 
>
Correct use would be

The *browser* will then call the image, not your ZPT code.

> Any ideas?  I don't really want to create a permanent image object,
> and I know that will work because I have used it to create thumbnail
> images before.
>
> Thanks,
> Jason.
>
> --
> 
>  Jason C. Leach
>  PGP Key: 0x62DDDF75
>  Keyserver: gpg.mit.edu


--
Peter Bengtsson,
work www.fry-it.com
home www.peterbe.com
hobby www.issuetrackerproduct.com


[Zope] Render image from external method.

2006-02-15 Thread Jason C. Leach
Hi,

I'm wondering how I can render an image from an external method
without creating a permanent image object in Zope?  What I have is a
python script I call in my ZPT.  The python script does some things,
and calls an external method that returns PNG image data. If I do
tal:attributes="src python:python_script()" What I get is the string
containing the PNG image data, but it's not rendered.

An example of what I get is: 

Any ideas?  I don't really want to create a permanent image object,
and I know that will work because I have used it to create thumbnail
images before.

Thanks,
Jason.

--

 Jason C. Leach
 PGP Key: 0x62DDDF75
 Keyserver: gpg.mit.edu


[Zope] Importing a ZClass from Zope 2.8.1 to Zope 2.9.0

2006-02-15 Thread Edward Huixquic
Hi Zopistas:

I am trying to import into a Zope 2.9.0 installation, a ZClass that lives
and runs fine in a Zope 2.8.1. I am getting an error which I attach below
(from my event.log):

What I am getting is a  "ZClassName" does not support this operation.   Does
any of you have any idea what is going on and, in any case how can I make to
import that ZClass into the Zope 2.9.0

FYI, the Zope 2.8.1 runs in Fedora Core 4 with python 2.3.5,   the Zope
2.9.0 runs on the same machine with Fedora Core 4 but under Python 2.4.2

Thanks in advance for any help and/or suggestions.  Best regards.

Edward.

EVENT.LOG print out below:
--
2006-02-15T14:21:53 ERROR Zope.SiteErrorLog http://server:8080/Control_Panel/Products/manage_importObject
Traceback (most recent call last):
  File "/usr/local/Zope-2.9.0/lib/python/ZPublisher/Publish.py", line 113, in publish
    request, bind=1)
  File "/usr/local/Zope-2.9.0/lib/python/ZPublisher/mapply.py", line 88, in mapply
    if debug is not None: return debug(object,args,context)
  File "/usr/local/Zope-2.9.0/lib/python/ZPublisher/Publish.py", line 40, in call_object
    result=apply(object,args) # Type s to step into published object.
  File "/usr/local/Zope-2.9.0/lib/python/OFS/ObjectManager.py", line 585, in manage_importObject
    set_owner=set_owner)
  File "/usr/local/Zope-2.9.0/lib/python/OFS/ObjectManager.py", line 604, in _importObjectFromFile
    if verify: self._verifyObjectPaste(ob, validate_src=0)
  File "/usr/local/Zope-2.9.0/lib/python/OFS/CopySupport.py", line 527, in _verifyObjectPaste
    action = '')
Copy Error:
Not Supported
The object Formas does not support this operation.
--


[Zope] Granting access by reading http headers

2006-02-15 Thread Marc Schnapp




We're running Plone for internal departmental use. I'm going to lock down
most of the content, requiring a login to view sensitive documents. But
I also want our Google Mini appliance to crawl all content. The problem
is that the appliance does not accept cookies. So Plone and Zope don't
recognize a user account as the crawler attempts to move through links.

I am thinking of granting the Google Mini appliance "transparent" access
by reading the http headers of incoming requests and granting access if:

  - the header includes the correct client string
    AND
  - The IP address of the requesting machine is owned by the Google Mini
    host.


Questions:

1) Is this approach viable? (What are the pitfalls?)

2) What python module is consulted to determine access rights when a
page request is made?

2) Is this difficult to implement if one has rudimentary Python skills?
(Or is there already sample code out there to do something like this? I
couldn't find any.)





Re: [Zope] Zope 2.9 and SSL

2006-02-15 Thread Ron Bickers
On Wed February 15 2006 02:42, Janusz Zamecki wrote:

> The easiest way is to use Apache, but I have reasons to not go that way.

If you don't want big Apache, lighttpd is small and has made a good SSL 
front-end proxy to Zope for me.

http://www.lighttpd.net/

-- 
Ron


Re: [Zope] Zope and roles and hierarchy

2006-02-15 Thread Lennart Regebro
On 2/14/06, Kees de Brabander <[EMAIL PROTECTED]> wrote:
> But my subfolders are for different groups of users and I want to keep them
> apart (so I can throw them away with the subfolder, when their use has
> become obsolete).

Well, you could use PluggableAuthService, and have them in different
zodb_users plugins, I think.

--
Lennart Regebro, Nuxeo http://www.nuxeo.com/
CPS Content Management http://www.cps-project.org/


Re: [Zope] Zope/Plone logon security strategy etc

2006-02-15 Thread michael nt milne
PS I won't be using this with SSL obviously. Good to use it to secure login areas where the other content doesn't require SSL.

On 2/15/06, michael nt milne <[EMAIL PROTECTED]> wrote:

Hi Dieter

I've installed DigestAuth. Just wondering if there are any set-up instructions at all?

Thanks
Michael

On 1/26/06, Dieter Maurer <[EMAIL PROTECTED]> wrote:

michael nt milne wrote at 2006-1-25 18:55 +:
>Yeah I know the security aspects are good once you are in, however
>when you login it's possible for someone to grab your logon name and
>pass as it goes over the internet, as there's no encryption at all.
>Then obviously login themselves and compromise your sites.

You might be interested in my "DigestAuth" product.
It provides HTTP DigestAuthentication for Zope.

Of course, HTTP authentication gives you less freedom than
other forms of authentication (as the browser does the login).
These other forms can be made safer by the use of "https".

--
Dieter

-- Michael

-- Michael


Re: [Zope] Zope/Plone logon security strategy etc

2006-02-15 Thread michael nt milne
Hi Dieter

I've installed DigestAuth. Just wondering if there are any set-up instructions at all?

Thanks
Michael

On 1/26/06, Dieter Maurer <[EMAIL PROTECTED]> wrote:

michael nt milne wrote at 2006-1-25 18:55 +:
>Yeah I know the security aspects are good once you are in, however
>when you login it's possible for someone to grab your logon name and
>pass as it goes over the internet, as there's no encryption at all.
>Then obviously login themselves and compromise your sites.

You might be interested in my "DigestAuth" product.
It provides HTTP DigestAuthentication for Zope.

Of course, HTTP authentication gives you less freedom than
other forms of authentication (as the browser does the login).
These other forms can be made safer by the use of "https".

--
Dieter

-- Michael


Re: [Zope] restricting permissions for direct access only

2006-02-15 Thread Michael Shulman
On 2/15/06, Chris Withers <[EMAIL PROTECTED]> wrote:
> > But... it's still not working for my real site.  I think the issue is
> > this.  If script1 has proxy role Manager, and script2 has view
> > permissions set only for Manager, then script1 can call script2, no
> > problem.  But if script1 instead calls script3, which then calls
> > script2, it doesn't work unless script3 *also* has proxy role Manager.
>
> Yes, this was a deliberate change made a few major releases ago. I've
> never much liked it myself for exactly the reason you describe. I wonder
> if anyone who knows could point out why this change was made, I'm sure
> the reasons were good...

Even if the reasons were good, it would be nice to have an option to
turn it on or off, even if the default is off.  At the very least, it
would be nice if this fact were documented.  (Is it somewhere and I
just missed it?)  It surprised me very much, and it would have
surprised and frustrated me even more if I'd written a site which
worked and then later on decided to split off the functionality of
some private script into a secondary one, unsuspecting that it would
break the proxy roles setup.

Mike


Re: [Zope] VerboseSecurity and zope 2.8.5

2006-02-15 Thread Peter Bengtsson
On 2/15/06, Stefan H. Holek <[EMAIL PROTECTED]> wrote:
> If this is Plone, you also need to tell error_log not to ignore
> Unauthorized and clear the Login page ID in cookie_authentication.
> See 
>
It's not plone.
Logged Unauthorised in error_log.

>
>
> On 15. Feb 2006, at 14:39, Peter Bengtsson wrote:
>
> > I'm not getting any verbose security messages in my zope 2.8.5.
> > zope.conf reads:
> > security-policy-implementation python
> > verbose-security on
> >
> > I'm trying to log in as a user but get rejected which is probably
> > because I've incorrectly configured one method or object to require
> > one permission too many.
> >
> > I've tried looking in error_log, event.log and the printed output from
> > ./bin/runzope
> > Any ideas?
>
> --
> Anything that happens, happens.  --Douglas Adams
>
>
>


--
Peter Bengtsson,
work www.fry-it.com
home www.peterbe.com
hobby www.issuetrackerproduct.com


Re: [Zope] VerboseSecurity and zope 2.8.5

2006-02-15 Thread Stefan H. Holek
If this is Plone, you also need to tell error_log not to ignore  
Unauthorized and clear the Login page ID in cookie_authentication.  
See 


Stefan


On 15. Feb 2006, at 14:39, Peter Bengtsson wrote:


I'm not getting any verbose security messages in my zope 2.8.5.
zope.conf reads:
security-policy-implementation python
verbose-security on

I'm trying to log in as a user but get rejected which is probably
because I've incorrectly configured one method or object to require
one permission too many.

I've tried looking in error_log, event.log and the printed output from
./bin/runzope
Any ideas?


--
Anything that happens, happens.  --Douglas Adams




[Zope] RE: calling getOwner on an ExtFile instance raises an Unauthorized exception

2006-02-15 Thread Palermo, Tom
Tres,

Thanks. I didn't know about that. I will try that. Also, I just used
owner_info['id'] instead of getOwner(). It returns the same thing. I'm not
sure why owner_info worked and getOwner did not; both methods are in
AccessControl.Owner.py

Thanks,
Tom 

-Original Message-
From: Tres Seaver [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, February 15, 2006 10:46 AM
To: Palermo, Tom
Subject: Re: calling getOwner on an ExtFile instance raises an Unauthorized exception




Palermo, Tom wrote:
> All,
>  
> Does anyone know why calling getOwner() on an instance of ExtFile 
> raises an unauthorized exception?
> Error Type: Unauthorized
> Error Value: You are not allowed to access 'getOwner' in this 
> context
> 
> ExtFile imports SimpleItem which, in turn, imports AccessControl.Owner
>  
> Here's the code from ExtFile:
> from OFS.SimpleItem import SimpleItem
>  
> Here's the code from SimpleItem:
> import AccessControl.Role, AccessControl.Owned, App.Common
>  
> I've got some other custom objects in my application which import 
> SimpleItem and I am able to call getOwner() on them no problem.

Turn on verbose security in your zope.conf and retry;  you should get a lot
more information about why the security machinery is blocking access in the
error log.


Tres.
- --
===
Tres Seaver  +1 202-558-7113  [EMAIL PROTECTED]
Palladion Software   "Excellence by Design"http://palladion.com


[Zope] Error Value: 'File' object has no attribute 'manage_fixupOwnershipAfterAdd'

2006-02-15 Thread Roman Klesel
Hello,

in a product I try to make a file object persistent with the _setObject() 
method.

However I get the error:
Error Value: 'File' object has no attribute 'manage_fixupOwnershipAfterAdd'

The following is the code where the error occurs:

cpu_load = self.getCpuLoad(id,location_sar,f_time,l_time)
system.cpu_load_file=File(data=cpu_load[0], contentType='text/plain')
self.tgt_folder[id]._setObject('cpu_load',system.cpu_load_file)

This is done in the __init__ method of the class. The class subclasses from 
Folder and SimpleItem.
self.tgt_folder[id] has been created a few lines above by:

self.tgt_folder[id]=Folder()
self._setObject(id,self.tgt_folder[id])

The container that holds self.tgt_folder[id] is a BTreesFolder2.

I know that the file Object is pretty simple, but how can one create and 
persist it if not with the _setObject() method?

Thanks in advance

Roman


[Zope] Re: calling getOwner on an ExtFile instance raises an Unauthorized exception

2006-02-15 Thread Tres Seaver

Palermo, Tom wrote:
> All,
>  
> Does anyone know why calling getOwner() on an instance of ExtFile raises an
> unauthorized exception?
> Error Type: Unauthorized
> Error Value: You are not allowed to access 'getOwner' in this context
> 
> ExtFile imports SimpleItem which, in turn, imports AccessControl.Owner
>  
> Here's the code from ExtFile:
> from OFS.SimpleItem import SimpleItem
>  
> Here's the code from SimpleItem:
> import AccessControl.Role, AccessControl.Owned, App.Common
>  
> I've got some other custom objects in my application which import SimpleItem
> and I am able to call getOwner() on them no problem.

Turn on verbose security in your zope.conf and retry;  you should get a
lot more information about why the security machinery is blocking access
in the error log.


Tres.
- --
===
Tres Seaver  +1 202-558-7113  [EMAIL PROTECTED]
Palladion Software   "Excellence by Design"http://palladion.com


[Zope] calling getOwner on an ExtFile instance raises an Unauthorized exception

2006-02-15 Thread Palermo, Tom



All,

Does anyone know why calling getOwner() on an instance of ExtFile raises an
unauthorized exception?

    Error Type: Unauthorized
    Error Value: You are not allowed to access 'getOwner' in this context

ExtFile imports SimpleItem which, in turn, imports AccessControl.Owner

Here's the code from ExtFile:
from OFS.SimpleItem import SimpleItem

Here's the code from SimpleItem:
import AccessControl.Role, AccessControl.Owned, App.Common

I've got some other custom objects in my application which import SimpleItem
and I am able to call getOwner() on them no problem.

Thanks,
Tom


[Zope] VerboseSecurity and zope 2.8.5

2006-02-15 Thread Peter Bengtsson
I'm not getting any verbose security messages in my zope 2.8.5.
zope.conf reads:
security-policy-implementation python
verbose-security on

I'm trying to log in as a user but get rejected which is probably
because I've incorrectly configured one method or object to require
one permission too many.

I've tried looking in error_log, event.log and the printed output from
./bin/runzope
Any ideas?

--
Peter Bengtsson,
work www.fry-it.com
home www.peterbe.com
hobby www.issuetrackerproduct.com


[Zope] Re: Advice needed before settling on Zope

2006-02-15 Thread Maik Ihde

> What turned you off Plone?

Plone still lacks a decent versioning System. That's definitely a showstopper.
And it does not scale too well, if you cannot use caching. 

Don't get me wrong, I do like Plone since you can rip out small Intranet
solutions in a very short time - but do not try to do that with hundreds or
thousands of active Users on that Site. Chris and Jens might give you more
Details on that matter ;-)

Kind Regards
Maik




Re: [Zope] Memory Leak Debugging

2006-02-15 Thread Andrew Milton
+---[ Jonathan Bowlas ]--
| Hi All,
| 
| We're having serious problems with performance running Silva CMS on Zope
| 2.7.8-final, python 2.3.5, linux2 set up on a machine with 2.5GB RAM. There
| are currently only about 65 users and around 2000 documents in the CMS but
| it seems to run for a week, then the RAM fills up and crashes so we have to
| restart the server manually.
| 
| The Zope logs aren't much help as I enquired on the Zope list and their
| response was we need more RAM. But surely 2.5GB is enough.
| 
| I've also checked Control_Panel/DebugInfo for any refcounts with significant
| jumps and Products.Silva.Image.Image seems to be the culprit:
|                                      11.32am  11.36am
| Products.Silva.Image.Image           56203    58153    +1950
| Acquisition.ImplicitAcquirerWrapper  44825    45151    +326

Is there a possibility something is webcrawling your site?

-- 
Andrew Milton
[EMAIL PROTECTED]


[Zope] Re: AW: Re: Zope won't start on Windows XP

2006-02-15 Thread Pawel Lewicki

Tres Seaver wrote:
> Holger Butschek wrote:
>>> It looks as though you have a borked Zope installation:  how did you
>>> install Zope?
>>
>> What does borked mean? I installed it with the windows installer. The file
>> is from zope.org.
>
> The traceback indicated that AccessControl.ImplC couldn't import
> AccessControl.ImplPython, which sounds to me as though the installation
> is corrupt.
>
> Tres.

I had the same error when I built Zope on Linux. It was caused by 
missing zlib headers. But windows installer worked fine for me.


Pawel



Re: [Zope] Memory Leak Debugging

2006-02-15 Thread Peter Bengtsson
Hi,
I'm NOT an expert and I hope that someone else who is an expert gives
you better advice but here's a start...
Do you have any recursive loops with lists that don't reset the
list? Perhaps something like this:

def findAllImages(self, placetolook, append2):
    # Walk the folder tree, appending every Silva Image to the caller's list
    for o in placetolook.objectValues():
        if o.meta_type == 'Silva Image':
            append2.append(o)
        elif o.isPrincipiaFolderish:
            # Recurse into sub-folders, reusing the same list
            self.findAllImages(o, append2)
or something like that.

I had a memory leak and the refcounts pointed to the Photo class.
Turns out that I did a bizarre loop over these without resetting it
properly after. It was a bitch to debug and it was a long time ago
when Zope was called zope 2.3.

That's all I've got to offer. Scan your code for places where you
create lists by loops on the ZODB. 2000 objects is enough if they are
piled up and not freed until a server restart. Heck, if they're big,
200 is enough.

On 2/15/06, Jonathan Bowlas <[EMAIL PROTECTED]> wrote:
> Hi All,
>
> We're having serious problems with performance running Silva CMS on Zope
> 2.7.8-final, python 2.3.5, linux2 set up on a machine with 2.5GB RAM. There
> are currently only about 65 users and around 2000 documents in the CMS but
> it seems to run for a week, then the RAM fills up and crashes so we have to
> restart the server manually.
>
> The Zope logs aren't much help as I enquired on the Zope list and their
> response was we need more RAM. But surely 2.5GB is enough.
>
> I've also checked Control_Panel/DebugInfo for any refcounts with significant
> jumps and Products.Silva.Image.Image seems to be the culprit:
>                                      11.32am  11.36am
> Products.Silva.Image.Image           56203    58153    +1950
> Acquisition.ImplicitAcquirerWrapper  44825    45151    +326
>
> So we've tried to figure out which kind of request triggers these refcount
> jumps by creating a separate instance with a very small ZODB Cache (so it
> gets filled up soon), and clicked around a little, watching the refcounts
> but we cannot seem to replicate it.
>
> So basically this is a plea for help from an expert Zope debugger who can
> assist us in finding the source of the problem so we can resolve it. Or
> alternatively someone who can give us a set of instructions that we can
> follow that will enable us to locate the problem, I've googled it and there
> are no clear answers.
>
> FYI we have the following products installed on our Zope instance.
>
> Annotations 0.4.3
> BTreeFolder2-1.0.1
> DocFinderTab (0.5.2)
> External Method-1-0-0
> FileSystemSite 1.4.2
> Formulator 1.10
> Groups 0.4
> IssueTrackerProduct (0.6.13)
> LDAPUserFolder (2.3)
> MIMETools
> MailHost-1-3-0
> OFSP-1-0-0
> PageTemplates-1-4-0
> ParsedXML 1.4
> PlacelessTranslationService (1.0)
> PluginIndexes
> ProxyIndex 1.2
> PythonScripts-2-0-0
> Sessions
> Silva 1.4.1
> SilvaBlog 0.4.2
> SilvaCustomAutoTOC 0.9
> SilvaDocument 1.4.1
> SilvaDocumentPatches 1.3b6-1
> SilvaExtETHLDAP 0.7
> SilvaExternalSources 0.10.3
> SilvaMetadata 0.10
> SilvaNewsNetwork 2.0
> SilvaReferenceChecker 0.2
> SilvaStylesheets 0.6.2
> SilvaUCLAttributes 0.7 - (A UCL product*)
> Silva UCL Gallery 0.1 - (A UCL product*)
> SilvaUCLSubjectAudienceFilters 0.6 - (A UCL product*)
> SilvaViews 0.11
> SiteAccess-2-0-0
> SiteErrorLog
> Sprout 0.6.2
> StandardCacheManagers-1-1-0
> TemporaryFolder
> Transience
> Tropos (1.9.12)
> XMLWidgets-Pluggable 0.13 (CVS/UNRELEASED)
> ZCTextIndex
> ZCatalog-2-2-0
> ZGadflyDA
> ZMySQLDA 2.0.8
> ZODBMountPoint
> ZOracleDA
> ZReST (1.1)
> ZSQLMethods
> Zope Tutorial 1.2
> kupu 1.3.2
> z3locales 0.1
>
> If you require any further information do not hesitate to ask.
>
> Hope someone can help.
>
> Jon Bowlas
> University College London
>


--
Peter Bengtsson,
work www.fry-it.com
home www.peterbe.com
hobby www.issuetrackerproduct.com


RE: [Zope] Memory Leak Debugging

2006-02-15 Thread Jonathan Bowlas
And now in plain text, sorry for the HTML.


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Jonathan Bowlas
Sent: 15 February 2006 11:47
To: zope@zope.org
Subject: [Zope] Memory Leak Debugging

Hi All,

We're having serious problems with performance running Silva CMS on Zope
2.7.8-final, python 2.3.5, linux2 set up on a machine with 2.5GB RAM. There
are currently only about 65 users and around 2000 documents in the CMS but
it seems to run for a week, then the RAM fills up and crashes so we have to
restart the server manually.

The Zope logs aren't much help as I enquired on the Zope list and their
response was we need more RAM. But surely 2.5GB is enough.

I've also checked Control_Panel/DebugInfo for any refcounts with significant
jumps and Products.Silva.Image.Image seems to be the culprit:
   11.32am  11.36am
Products.Silva.Image.Image     56203    58153      +1950
Acquisition.ImplicitAcquirerWrapper    44825    45151      +326

So we've tried to figure out which kind of request triggers these refcount
jumps by creating a separate instance with a very small ZODB Cache (so it
gets filled up soon), and clicked around a little, watching the refcounts
but we cannot seem to replicate it.

So basically this is a plea for help from an expert Zope debugger who can
assist us in finding the source of the problem so we can resolve it. Or
alternatively someone who can give us a set of instructions that we can
follow that will enable us to locate the problem, I've googled it and there
are no clear answers.

FYI we have the following products installed on our Zope instance.

Annotations 0.4.3
BTreeFolder2-1.0.1
DocFinderTab (0.5.2)
External Method-1-0-0
FileSystemSite 1.4.2
Formulator 1.10
Groups 0.4
IssueTrackerProduct (0.6.13)
LDAPUserFolder (2.3)
MIMETools
MailHost-1-3-0
OFSP-1-0-0
PageTemplates-1-4-0
ParsedXML 1.4
PlacelessTranslationService (1.0)
PluginIndexes
ProxyIndex 1.2
PythonScripts-2-0-0
Sessions
Silva 1.4.1
SilvaBlog 0.4.2
SilvaCustomAutoTOC 0.9
SilvaDocument 1.4.1
SilvaDocumentPatches 1.3b6-1
SilvaExtETHLDAP 0.7
SilvaExternalSources 0.10.3
SilvaMetadata 0.10
SilvaNewsNetwork 2.0
SilvaReferenceChecker 0.2
SilvaStylesheets 0.6.2
SilvaUCLAttributes 0.7 - (A UCL product*)
Silva UCL Gallery 0.1 - (A UCL product*)
SilvaUCLSubjectAudienceFilters 0.6 - (A UCL product*)
SilvaViews 0.11
SiteAccess-2-0-0
SiteErrorLog Sprout 0.6.2
StandardCacheManagers-1-1-0
TemporaryFolder
Transience
Tropos (1.9.12)
XMLWidgets-Pluggable 0.13 (CVS/UNRELEASED)
ZCTextIndex
ZCatalog-2-2-0
ZGadflyDA
ZMySQLDA 2.0.8
ZODBMountPoint
ZOracleDA
ZReST (1.1)
ZSQLMethods
Zope Tutorial 1.2
kupu 1.3.2 
z3locales 0.1

If you require any further information do not hesitate to ask.

Hope someone can help.

Jon Bowlas
University College London




[Zope] Memory Leak Debugging

2006-02-15 Thread Jonathan Bowlas








Hi All,

We're having serious problems with performance running Silva CMS on Zope
2.7.8-final, python 2.3.5, linux2 set up on a machine with 2.5GB RAM. There
are currently only about 65 users and around 2000 documents in the CMS but
it seems to run for a week, then the RAM fills up and crashes so we have to
restart the server manually.

The Zope logs aren't much help as I enquired on the Zope list and their
response was we need more RAM. But surely 2.5GB is enough.

I've also checked Control_Panel/DebugInfo for any refcounts with significant
jumps and Products.Silva.Image.Image seems to be the culprit:

                                     11.32am  11.36am
Products.Silva.Image.Image           56203    58153    +1950
Acquisition.ImplicitAcquirerWrapper  44825    45151    +326

So we've tried to figure out which kind of request triggers these refcount
jumps by creating a separate instance with a very small ZODB Cache (so it
gets filled up soon), and clicked around a little, watching the refcounts
but we cannot seem to replicate it.

So basically this is a plea for help from an expert Zope debugger who can
assist us in finding the source of the problem so we can resolve it. Or
alternatively someone who can give us a set of instructions that we can
follow that will enable us to locate the problem, I've googled it and there
are no clear answers.

FYI we have the following products installed on our Zope instance.

Annotations 0.4.3
BTreeFolder2-1.0.1
DocFinderTab (0.5.2)
External Method-1-0-0
FileSystemSite 1.4.2
Formulator 1.10
Groups 0.4
IssueTrackerProduct (0.6.13)
LDAPUserFolder (2.3)
MIMETools
MailHost-1-3-0
OFSP-1-0-0
PageTemplates-1-4-0
ParsedXML 1.4
PlacelessTranslationService (1.0)
PluginIndexes
ProxyIndex 1.2
PythonScripts-2-0-0
Sessions
Silva 1.4.1
SilvaBlog 0.4.2
SilvaCustomAutoTOC 0.9
SilvaDocument 1.4.1
SilvaDocumentPatches 1.3b6-1
SilvaExtETHLDAP 0.7
SilvaExternalSources 0.10.3
SilvaMetadata 0.10
SilvaNewsNetwork 2.0
SilvaReferenceChecker 0.2
SilvaStylesheets 0.6.2
SilvaUCLAttributes 0.7 - (A UCL product*)
Silva UCL Gallery 0.1 - (A UCL product*)
SilvaUCLSubjectAudienceFilters 0.6 - (A UCL product*)
SilvaViews 0.11
SiteAccess-2-0-0
SiteErrorLog Sprout 0.6.2
StandardCacheManagers-1-1-0
TemporaryFolder
Transience
Tropos (1.9.12)
XMLWidgets-Pluggable 0.13 (CVS/UNRELEASED)
ZCTextIndex
ZCatalog-2-2-0
ZGadflyDA
ZMySQLDA 2.0.8
ZODBMountPoint
ZOracleDA
ZReST (1.1)
ZSQLMethods
Zope Tutorial 1.2
kupu 1.3.2
z3locales 0.1

If you require any further information do not hesitate to ask.

Hope someone can help.

Jon Bowlas
University College London

 








[Zope] Memory Leak Debugging

2006-02-15 Thread Jonathan Bowlas
Hi All,

We're having serious problems with performance running Silva CMS on Zope
2.7.8-final, python 2.3.5, linux2 set up on a machine with 2.5GB RAM. There
are currently only about 65 users and around 2000 documents in the CMS but
it seems to run for a week, then the RAM fills up and crashes so we have to
restart the server manually.

The Zope logs aren't much help as I enquired on the Zope list and their
response was we need more RAM. But surely 2.5GB is enough.

I've also checked Control_Panel/DebugInfo for any refcounts with significant
jumps and Products.Silva.Image.Image seems to be the culprit:
                                     11.32am  11.36am
Products.Silva.Image.Image           56203    58153    +1950
Acquisition.ImplicitAcquirerWrapper  44825    45151    +326

So we've tried to figure out which kind of request triggers these refcount
jumps by creating a separate instance with a very small ZODB Cache (so it
gets filled up soon), and clicked around a little, watching the refcounts
but we cannot seem to replicate it.

So basically this is a plea for help from an expert Zope debugger who can
assist us in finding the source of the problem so we can resolve it. Or
alternatively someone who can give us a set of instructions that we can
follow that will enable us to locate the problem, I've googled it and there
are no clear answers.

FYI we have the following products installed on our Zope instance.

Annotations 0.4.3
BTreeFolder2-1.0.1
DocFinderTab (0.5.2)
External Method-1-0-0
FileSystemSite 1.4.2
Formulator 1.10
Groups 0.4
IssueTrackerProduct (0.6.13)
LDAPUserFolder (2.3)
MIMETools
MailHost-1-3-0
OFSP-1-0-0
PageTemplates-1-4-0
ParsedXML 1.4
PlacelessTranslationService (1.0)
PluginIndexes
ProxyIndex 1.2
PythonScripts-2-0-0
Sessions
Silva 1.4.1
SilvaBlog 0.4.2
SilvaCustomAutoTOC 0.9
SilvaDocument 1.4.1
SilvaDocumentPatches 1.3b6-1
SilvaExtETHLDAP 0.7
SilvaExternalSources 0.10.3
SilvaMetadata 0.10
SilvaNewsNetwork 2.0
SilvaReferenceChecker 0.2
SilvaStylesheets 0.6.2
SilvaUCLAttributes 0.7 - (A UCL product*)
Silva UCL Gallery 0.1 - (A UCL product*)
SilvaUCLSubjectAudienceFilters 0.6 - (A UCL product*)
SilvaViews 0.11
SiteAccess-2-0-0
SiteErrorLog
Sprout 0.6.2
StandardCacheManagers-1-1-0
TemporaryFolder
Transience
Tropos (1.9.12)
XMLWidgets-Pluggable 0.13 (CVS/UNRELEASED)
ZCTextIndex
ZCatalog-2-2-0
ZGadflyDA
ZMySQLDA 2.0.8
ZODBMountPoint
ZOracleDA
ZReST (1.1)
ZSQLMethods
Zope Tutorial 1.2
kupu 1.3.2
z3locales 0.1

If you require any further information do not hesitate to ask.

Hope someone can help.

Jon Bowlas
University College London



Re: [Zope] Advice needed before settling on Zope

2006-02-15 Thread Lennart Regebro
On 2/15/06, bruno desthuilliers <[EMAIL PROTECTED]> wrote:
> Now for the downside:
> - CPS is a complex beast built on top of CMF, which is a complex beast
> built on top of Zope2 which is itself already quite complex.

Well, that is true. But I think that is true of any enterprise CMS. We
do know that Zope2's expansion by tacking on stuff makes it look more like
the house of the Weasleys, mostly held together by magic, than the
nice factory floor that we like. But the only solution for that is
Zope3, and writing a CMS from scratch, which has started with the
z3lab effort.

So I guess it's a matter of speed vs cleanliness. ;-)

--
Lennart Regebro, Nuxeo http://www.nuxeo.com/
CPS Content Management http://www.cps-project.org/


Re: [Zope] Advice needed before settling on Zope

2006-02-15 Thread bruno desthuilliers
Lennart Regebro wrote:
> On 2/15/06, Rainsford, David <[EMAIL PROTECTED]> wrote:
> 
>>Our client is quite specific about what they require and how they want it to
>>be presented, so ease of customisation and extensibility is a major factor.
>>We have looked around at existing CMSes but have not found one that fulfills
>>all of our requirements or that is customisable enough that we can fulfill
>>our requirements with a bit of work.  We looked at Plone, and then I decided
>>we might be better off going down a level and building on Zope.
> 
> 
> Have you looked at CPS? It seems to fulfill most of your requirements
> out of the box.

I can confirm this - In fact, I was about to post about it !-)

Now for the downside:
- CPS is a complex beast built on top of CMF, which is a complex beast
built on top of Zope2 which is itself already quite complex.
- Zope2's documentation is in a very sorry state (lot of outdated stuff,
sometimes contradicting each other, and lot of undocumented or
underdocumented features and gotchas).
- It's even worse for CPS and CMF since they have almost no usable
documentation. Due to the high abstraction level of these frameworks, even
using-the-code-luke can become a kind of nightmare.

Learning Python is surely not a problem. Any decent programmer should be
able to be productive with Python in less than 2 weeks. The problem is
learning Zope2, then learning CMF and CPS. And this is really another story.

Not to say you shouldn't use Zope or CPS - they are both great pieces of
software and you should definitely take time to evaluate CPS as a
possible solution.

Now would you choose to stick to 'barebone' Zope, and since you're fresh
to Zope, I'd say that Zope3 might be a far better option than Zope2. And
AFAICT, Zope3 seems to be better documented than Zope2.

My 2 cents...
-- 
bruno desthuilliers
développeur
[EMAIL PROTECTED]
http://www.modulix.com


Re: [Zope] Advice needed before settling on Zope

2006-02-15 Thread michael nt milne
Hi

> We looked at Plone, and then I decided we
> might be better off going down a level and building on Zope.

What turned you off Plone?


On 2/15/06, Lennart Regebro <[EMAIL PROTECTED]> wrote:
> On 2/15/06, Rainsford, David <[EMAIL PROTECTED]> wrote:
> > Our client is quite specific about what they require and how they want it to
> > be presented, so ease of customisation and extensibility is a major factor.
> > We have looked around at existing CMSes but have not found one that fulfills
> > all of our requirements or that is customisable enough that we can fulfill
> > our requirements with a bit of work.  We looked at Plone, and then I decided
> > we might be better off going down a level and building on Zope.
>
> Have you looked at CPS? It seems to fulfill most of your requirements
> out of the box.
>
> --
> Lennart Regebro, Nuxeo http://www.nuxeo.com/
> CPS Content Management http://www.cps-project.org/


--
Michael


Re: [Zope] Re: Re: major problems placing authentication on an extranet site-security flaw?

2006-02-15 Thread michael nt milne
Chris, back to throwing personal insults eh. I'll refrain from going
down that line as it's tedious and un-professional. You've obviously
not listened to the advice of your fellow peers on that front.
Everyone can take on a little advice and I've remarked previously that
I was wrong in my initial approach with this post which has now blown
out of all proportion and is to be honest a bit of a joke.

Security is hard and I'm getting my head round it. I'm also newish to
Zope and Plone and feel I've progressed pretty well in about 6 months
considering I do a full-time job too. It is a steep learning curve and
the more people that persevere with it the better.

Whilst I find the Zope and Plone lists generally fantastic. They're
the best user based lists I have experienced. However they're not
helped by the attitude displayed by you, Chris and your inability to
refrain from 'gratuitous insults'. That's just going to turn people
away and harm the cause of Zope.

To answer some of your points:


>>I hope you're making sure the "secure" bit is set on those cookies ;-)

I take it this is a joke. Plone uses cookie authentication by default.
You can't log in without that. There are security risks there but
good user education with a strong password policy, no use of 'save
password' facilities and SSL is a start at least.

>>Considering you can't even quote a response correctly, I somehow doubt
>>that..

Oh come on.

>Fine, don't take our advice, but don't expect help either.

What because I don't take all your advice? That's a bit elitist and
also not good for growing the user base of Zope.


>>Sheesh, sorry, but I've come to the conclusion you're just trolling and
>>so won't be wasting my time with any more of your posts...

Well you're wrong on that one as well. You're probably just not suited
to helping out newer users. I wouldn't suggest customer service as a
second career..:-)

And to finish on my problem with IE over SSL, I'll be implementing the
help found here. It's recognised that there are problems and bugs in
IE over SSL:

http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html

"The first reason is that the SSL implementation in some MSIE versions
has some subtle bugs related to the HTTP keep-alive facility and the
SSL close notify alerts on socket connection close. Additionally the
interaction between SSL and HTTP/1.1 features are problematic in some
MSIE versions. You can work around these problems by forcing Apache
not to use HTTP/1.1, keep-alive connections or send the SSL close
notify messages to MSIE clients. This can be done by using the
following directive in your SSL-aware virtual host section

    SetEnvIf User-Agent ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0

Further, some MSIE versions have problems with particular ciphers.
Unfortunately, it is not possible to implement a MSIE-specific
workaround for this, because the ciphers are needed as early as the
SSL handshake phase. So a MSIE-specific SetEnvIf won't solve these
problems. Instead, you will have to make more drastic adjustments to
the global parameters. Before you decide to do this, make sure your
clients really have problems. If not, do not make these changes - they
will affect all your clients, MSIE or otherwise."





On 2/14/06, Chris Withers <[EMAIL PROTECTED]> wrote:
> Alexander Limi wrote:
> > On Tue, 14 Feb 2006 04:59:07 -0800, Dario Lopez-Kästen
> > <[EMAIL PROTECTED]> wrote:
> >
> >> *HOWEVER*, IIRC, plone, especially on windows (if installed with the
> >> windows installer) uses a trick, which is not documented at all, as
> >> far as I know, uses a Site Access rule.
> >
> > http://plone.org/documentation/faq/multiple-sites-installers
> >
> > What part is not documented at all? :)
>
> *sigh*
>
> If it uses an Access Rule, it's likely still a dirty trick that will
> confuse retards like Michael, I'd suggest removing it...
>
> Chris
>
> --
> Simplistix - Content Management, Zope & Python Consulting
> - http://www.simplistix.co.uk
>


--
Michael


Re: [Zope] Advice needed before settling on Zope

2006-02-15 Thread Lennart Regebro
On 2/15/06, Rainsford, David <[EMAIL PROTECTED]> wrote:
> Our client is quite specific about what they require and how they want it to
> be presented, so ease of customisation and extensibility is a major factor.
> We have looked around at existing CMSes but have not found one that fulfills
> all of our requirements or that is customisable enough that we can fulfill
> our requirements with a bit of work.  We looked at Plone, and then I decided
> we might be better off going down a level and building on Zope.

Have you looked at CPS? It seems to fulfill most of your requirements
out of the box.

--
Lennart Regebro, Nuxeo http://www.nuxeo.com/
CPS Content Management http://www.cps-project.org/


Re: [Zope] restricting permissions for direct access only

2006-02-15 Thread Chris Withers

Michael Shulman wrote:
> Okay, I must be the most moronic user ever.  The default text in a
> newly created Python Script, which I did not bother to change for my
> test case, accesses meta_type, but I did not notice this; thus I was
> confused.  (Just out of curiosity, what permissions are required to
> access meta_type?)

Depends, should be 'View', or most likely not protected at all, but I 
guess you found an object where it was protected with something else...

> But... it's still not working for my real site.  I think the issue is
> this.  If script1 has proxy role Manager, and script2 has view
> permissions set only for Manager, then script1 can call script2, no
> problem.  But if script1 instead calls script3, which then calls
> script2, it doesn't work unless script3 *also* has proxy role Manager.

Yes, this was a deliberate change made a few major releases ago. I've 
never much liked it myself for exactly the reason you describe. I wonder 
if anyone who knows could point out why this change was made, I'm sure 
the reasons were good...

> Is there a way to make scripts inherit proxy roles from their
> callers?

Both I and you wish there was ;-)

cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
   - http://www.simplistix.co.uk
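
The proxy-role behaviour discussed in the message above, as an added example that is not part of the original thread and is not Zope's own code. It is a simplified model: the `Script`, `Request` and `outcome` names are hypothetical, and it assumes that only the currently executing script's proxy roles are consulted, that they replace the user's roles, and that a script viewable by Anonymous is callable by anyone.

```python
class Unauthorized(Exception):
    """Raised when the effective roles include no role the target requires."""


class Script:
    def __init__(self, name, body, view_roles=("Anonymous",), proxy_roles=()):
        self.name = name
        self.body = body                     # callable(request) -> result
        self.view_roles = set(view_roles)    # roles allowed to call this script
        self.proxy_roles = set(proxy_roles)  # empty set means "no proxy roles"


class Request:
    def __init__(self, user_roles):
        self.user_roles = set(user_roles)
        self.stack = []                      # scripts currently executing

    def effective_roles(self):
        # Only the top of the stack is consulted: proxy roles are not
        # inherited from scripts further down the call chain.
        if self.stack and self.stack[-1].proxy_roles:
            return self.stack[-1].proxy_roles
        return self.user_roles

    def call(self, script):
        required = script.view_roles
        if "Anonymous" not in required and not (self.effective_roles() & required):
            caller = self.stack[-1].name if self.stack else "<request>"
            raise Unauthorized(f"{caller} -> {script.name}")
        self.stack.append(script)
        try:
            return script.body(self)
        finally:
            self.stack.pop()


def outcome(via_script3, script3_proxy=()):
    """Run script1 (proxy role Manager) as an Anonymous user; report the result."""
    script2 = Script("script2", lambda req: "script2 ran", view_roles=("Manager",))
    script3 = Script("script3", lambda req: req.call(script2),
                     proxy_roles=script3_proxy)
    target = script3 if via_script3 else script2
    script1 = Script("script1", lambda req: req.call(target),
                     proxy_roles=("Manager",))
    try:
        return Request(user_roles=("Anonymous",)).call(script1)
    except Unauthorized as exc:
        return f"Unauthorized: {exc}"
```

`outcome(False)` is the direct script1 to script2 call, `outcome(True)` routes it through a script3 without proxy roles, and `outcome(True, ("Manager",))` gives script3 the proxy role as well.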



Re: [Zope] Zope 2.9 and SSL

2006-02-15 Thread Chris Withers

Janusz Zamecki wrote:
> Has anyone tried to access Zope 2.9 via SSL? I've tried m2crypto, but
> this doesn't work with the newest zope.

*sigh* m2crypto needs a bullet in its brain.

Use Apache (doing the SSL) in front of Zope, that's the standard and 
safest way to do it...

> And I've tried to use stunnel,

Ugh!

> The easiest way is to use Apache, but I have reasons to not go that way.

They better be good... care to tell us what they are?

cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
   - http://www.simplistix.co.uk



[Zope] Re: Advice needed before settling on Zope

2006-02-15 Thread Maik Ihde
Hi David,

> We have to build a content/document management system for our company, and I
> have been assigned to look into this and make a start.  The system has quite a
> few requirements, which I'll outline below.

As you might already know, there are quite a few CMS built on top of Zope2.
Zope3 seems to be getting more and more momentum as people find out that its
concepts and ideas are really superior.

> Version Control: we need quite complex version control.  Let's say we have
> document x.  This document will be developed and worked on by multiple users.
> At the same time, this will also be translated into other languages.  If a
> change is made to the English version, then that change will have to be made in
> other languages too.  I think that in Version Control speak, the different
> languages can be thought of as different renditions.

Version control is already used in various Zope-Products (CPS for example). So
you need to keep track of multilingual Content here. The translations are to be
done by human beings, though? Do you just want to create a new version in a
certain workflow-state for the other language-versions when a new English
version occurs?

> Workflow Control: because of the number of people involved, we need to have a 

Well, Workflows are there. In Zope2 Land you have DCWorkflow, some OpenFlow
Variant and also AlphaFlow on the Plone Side. In Zope3 there is also a Workflow
Package, so I think the Infrastructure is there too.

> Document Management - the system is all about documents.  They would like the
> ability to organise the documents into different pages for people to download.
> They should be able to download older versions or different renditions.  Also
> each document will be available only to certain groups or roles.

No Problems here as well, especially the security model of both Zope2 and Zope3
is really well suited for such Applications.

> Our client is quite specific about what they require and how they want it to
> be presented, so ease of customisation and extensibility is a major factor.  We
> have looked around at existing CMSes but have not found one that fulfills all of
> our requirements or that is customisable enough that we can fulfill our
> requirements with a bit of work.  We looked at Plone, and then I decided we
> might be better off going down a level and building on Zope.

Then definitely you are right in betting on Zope. I would even say, that it
sounds like you should choose Zope3 - however this is hard to say, since your
requirements are not very specific. But if customisation and extensibility are
important then it sounds like Zope3 to me.

>settle on Zope, would we be wiser using the 2.x version or the 3.x version?  I
>imagine that 2.x has more documentation and more addons (e.g. for versioning,
>workflow etc.).

Yes, but Zope2 is a complex Beast which has to carry a lot of historical
weirdnesses around. Zope3 has a much better structure but there are not so many
Addons available yet. 

I would advise that you have a look at the zope3 mailing list and try to find out
if the already existing Component Infrastructure roughly suits your needs. I
mean Database Connectivity, LDAP and that stuff. 

Kind Regards
Maik

