[Zope] Pword reset tools
It looks like there are no pa55word reset products for straight Zope that are still maintained i.e. a feature to allow users to reset their own pa55words via email linking into aclusers. If that is correct does anybody have any pointers for implementing such a mechanism with a one time email reset tool? TIA (Re-posted to remove administrivia keywords!) ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Thread Number
Is there anything important to consider when increasing the thread count above 7 as outlined here in 24.4.2/3: http://docs.zope.org/zope2/zope2book/MaintainingZope.html I have tried to 10 but encounter problems with number of open file descriptions on Centos 6. Cheers Rich___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Thread Number
Noted, thanks On 22 May 2013, at 08:42, Andreas Jung li...@zopyx.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Reducing the number of threads (down to 1) and having multiple app-servers is usually the way to go instead of increasing the number of threads. - -aj Richard Harley wrote: Is there anything important to consider when increasing the thread count above 7 as outlined here in 24.4.2/3: http://docs.zope.org/zope2/zope2book/MaintainingZope.html I have tried to 10 but encounter problems with number of open file descriptions on Centos 6. Cheers Rich ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev ) - -- ZOPYX Limited | Python | Zope | Plone | MongoDB Hundskapfklinge 33| Consulting Development D-72074 Tübingen | Electronic Publishing Solutions www.zopyx.com | Scalable Web Solutions - -- Produce Publish - www.produce-and-publish.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQGUBAEBAgAGBQJRnHbTAAoJEADcfz7u4AZjYiMLwKqN+eE8J94ljCgiqcI3Jl8J lO5G7tUenBjSq+odE4uZgPgT+P/n8qeajiU1capmcCIc0c9CidGImRHwFODp6ehf gZ8Vey1zHFhSrsQumix//zgYVf57NRHFzXqjRy2brGZ/sILN5SorVcssLKN8bUAa xNvx33yuTJyRBhfwZjki85JJcP6LGdRZkXihZq8qV/G0i14X25L9ZX2oT8ciucOr YALM0780KdL/0rtfvsiQ1lGB8QUU8iiQrfl44t5mCS6pDxobR4XGWb5esJ9rZniW 8bqCqp2KxHOYDJ0yu6EYdWUuZ+9zktcGXVt9mk3ZJ9Gn7Bhkt70fLooCUyWiS9i2 XaSGpCo96GxR6NtF5bLRgHHnl56OgnlR/zlun0bmbx4H8vRZ7OpZjONvrSEKInu+ 4siJ0X2648doBZwbAHAh3Mw79WNwAXEcnNTbm8JRE4agPcmovKa/LMAm+EjX5i0O lEccQXg7bvwjkg3Gm0LuEdUbKP/guZg= =UYQs -END PGP SIGNATURE- lists.vcf ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope and security vulnerability: 20121106
So, to clarify, does this affect plain Zope 2.10, no Plone? Rich On 12/11/12 12:02, johannes raggam wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The affected versions go back a long time. I don't know it exactly, but people have used it successfully with Plone 2.1 (from ancient times) and I have patched Zope 2.8 instances too. On 11/11/2012 09:43 PM, Allen Schmidt wrote: For which zope versions? On Nov 11, 2012 2:16 PM, johannes raggamraggam...@adm.at mailto:raggam...@adm.at wrote: You can just apply the Plone hotfix for Zope only installations. The Plone patches are not applied then. Johannes On 11/11/2012 06:32 PM, Marcus Schopen wrote: Hi, is a standard Zope affected by this security vulnerability or only if Plone is installed: http://plone.org/products/plone/security/advisories/20121106-announcement The patch is replacing some basic classes therefore it looks to me that Zope itself without any Plone is vulnerable too. If so is there a Hotfix for Zope or new Zope version which fixes these bugs? Ciao Marcus ___ Zope maillist - Zope@zope.orgmailto:Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.orgmailto:Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev ) - -- programmatic web development di(fh) johannes raggam / thet python plone zope development mail: off...@programmatic.pro web: http://programmatic.pro http://bluedynamics.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlCg5WkACgkQW4mNMQxDgAfsyACgvbuoNO8ocpordzJmbH3X0OA2 gCsAnAkFNozMy1TRGWTKQjaYQgzLIisM =DpGn -END PGP SIGNATURE- ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Python scripts
Hi On Zope 2.10 is there a simple/universal way to only allow python scripts to be called by DTML methods or other python scripts and not directly TTW? Thanks Rich ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Python scripts
That works great, thanks. So there is no way to do this across, say, a
folder with hundreds of scripts in without duplicating the code in each
individually?
On 06/07/12 13:30, Laurence Rowe wrote:
On 6 July 2012 14:09, Richard Harleyrich...@scholarpack.com wrote:
On Zope 2.10 is there a simple/universal way to only allow python scripts to
be called by DTML methods or other python scripts and not directly TTW?
You can check that the script is not the published object with:
if container.REQUEST['PUBLISHED'] is script:
raise 'Forbidden'
For newer versions of Zope raise an exception object:
from zExceptions import Forbidden
if container.REQUEST['PUBLISHED'] is script:
raise Forbidden('Script may not be published.')
Laurence
___
Zope maillist - Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] CookieCrumbler, any new versions or replacement?
What is the main advantage of PAS over cookie crumbler over SSL out of interest? Cheers Rich On 2 Feb 2012, at 21:57, Shane Hathaway sh...@hathawaymix.org wrote: On 02/02/2012 10:46 AM, Hugo Ramos wrote: I need to reuse a web application I developed around 2005/2006. This App was using CookieCrumbler as it's only authentication method but it seems that after zope 2.11.x the product is broken as it has a few imports from deprecated classes. Anyone knows about CookieCrumbler versions above 1.2 or some other replacement for this product? Zope's pluggable authentication service replaces it. Shane ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Python Script Security
Hello all I have a dtml method which builds a page from various different python scripts. How can I stop the python scripts from being called and passed variables independently of the main dtml method? I've tried some research on proxy roles but couldn't pin it down. ZSQL methods are not callable independently and I would like Python Scripts to behave the same. TIA Rich ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] zopetime behaviour
Hi all I hope I'm not missing something obvious here. ZopeTime is gaining two hours when it's string formatted. * thistime = context.ZopeTime().strftime(%Y/%m/%d %H:%M:%S) print ZopeTime: print context.ZopeTime() print String formatted ZopeTime: print thistime * The output is this:* *ZopeTime: 2011/09/20 10:16:12.628 GMT+1 String formatted ZopeTime: 2011/09/20 12:16:12 How come string formatted ZopeTime gains two hours? Cheers Rich ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] is it possible to upgrade from 2.9 to 2.13?
Does anyone have any further information on this bug in 2.10 regarding ZSQL methods? Would an upgrade from 2.9 to 2.10+ in an app using lots of zsql methods cause unforseen issues? On 04/07/11 09:46, Stefan Loidl wrote: Hi Fernando, the option 'enable-product-installation' in zope.conf has to be set to on to enable product registration of old products in the Products directory. Regards, Stefan Am 03.07.2011 18:44, schrieb Fernando Martins: On 07/03/2011 09:30 AM, Fernando Martins wrote: merely dropping Products in the site-packages does not add a product. Browsing through the list I saw this post: https://mail.zope.org/pipermail/zope/2011-June/176165.html with reference to a directive in zope.conf: products /usr/local/Products.CMFCore-2.2.4/ I tried it with the package Products.ZSQLMethods here: http://pypi.python.org/pypi/Products.ZSQLMethods but no product is added and I see no error messages. The README.txt is not helpful and I found nothing useful in zope docs. In despair, I tried python setup.py build/install and all I got is a lot of zope packages being downloaded and dumped into the python install. Could someone be so kind to tell me the procedure to install Products from pypi? Is it possible to do it also with old products not in pypi? Also, what is the difference between zope.xxx and Products.xxx packages? Regards, Fernando ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev ) -- Rich Harley Director (Development) (0044) 01754 871243 | http://www.scholarpack.com ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] AUTHENTICATED_USER
Please could someone tell me why AUTHENTICATED_USER was deprecated in favour of the python security module? A quick google says because it can be replaced..but this isn't really a good in depth explanation? If a request was manipulated to include another AUTHENTICATED_USER, wouldn't Zope just error out anyway? Cheers ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] AUTHENTICATED_USER
Hmmm, I just stumbled upon some deprecation warnings in a google for authenticated_user and that security getUser...equivalent should be used instead. Something like this - http://www.mail-archive.com/zope@zope.org/msg21432.html Quoting Tres Seaver tsea...@palladion.com: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/13/2011 03:36 PM, Richard Harley wrote: Please could someone tell me why AUTHENTICATED_USER was deprecated in favour of the python security module? A quick google says because it can be replaced..but this isn't really a good in depth explanation? If a request was manipulated to include another AUTHENTICATED_USER, wouldn't Zope just error out anyway? What makes you say that AUTHENTICATED_USER is deprecated? ZPublisher sets and uses the variable in the environment without any deprecations. Tres. - -- === Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software Excellence by Designhttp://palladion.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk3NjKUACgkQ+gerLs4ltQ5RiQCfVWCiOZ7mmfkaZIYLv9JFQsF/ XtEAoJcqmxc9+4YBvzxTP23Sjq8fVhlN =MhRQ -END PGP SIGNATURE- ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Zope Dates
Hello all Hoping there is a quick fix for this - I'm trying to change how Zope formats dates. I want dd/mm/ but Zope is forcing -mm-dd. I've changed the format in zope.conf to 'international' but this makes no difference. I know dates can be formatted at the front end (i.e. fmt=) but it would be really useful to have Zope sort this out for me without having to do any string formatting. Any ideas? Thanks Richard ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zope Dates
Thanks Andreas - so there is no way to set a date format at an intermediate layer so that all dates are rendered a certain way without string formatting? Am I naive in thinking this could possibly be done at the db adapter level? Thanks On 03/05/11 12:26, Andreas Jung wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 'international' only affects the format for parsing dates as far as I can recall. Using strftime() gives you full control over the output format. Your application should not rely on the default format. If you need a custom date output format then define it explicitly in your application. - -aj Richard Harley wrote: Hello all Hoping there is a quick fix for this - I'm trying to change how Zope formats dates. I want dd/mm/ but Zope is forcing -mm-dd. I've changed the format in zope.conf to 'international' but this makes no difference. I know dates can be formatted at the front end (i.e. fmt=) but it would be really useful to have Zope sort this out for me without having to do any string formatting. Any ideas? Thanks Richard ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev ) - -- ZOPYX Limited | zopyx group Charlottenstr. 37/1 | The full-service network for Zope Plone D-72070 Tübingen| Produce Publish www.zopyx.com | www.produce-and-publish.com - E-Publishing, Python, Zope Plone development, Consulting -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQGUBAEBAgAGBQJNv+ZLAAoJEADcfz7u4AZjUBkLwKy594OzaZMRAMDZGL3nL9g0 H+jFAsQHWsEy/3UbKzo//Ogh9TgQHrEaFOAEk36/lS0iWjQ0kq7bWzreFWkzApb2 fVOWHoVwtIIcgItlxEl0zgu/XGA/rw+1cIK1yxEy45H2BHHhXP8B1CVRUpwatlrR lIDN3KXo0vem8tOa/DGcUISbW4VFpQU63qNOKfW4+hU/HJcoFeFs+jqSWro8F2+Q hghoSTSM5GtX9h0hksBNJaVK+0wcD59R2fQZ28QdCz+cuiTe97cG+MW9Wd+GDeq6 6bgi915KgrsSfwSZ+lGYr/FssPSiFtZk11xDJsvF0XKSw8JnxjmDvWIaT/gexVDC iPYF9cNJXAsEXlvUZVxhr81BH9/HE/KAOh/hmDC3eg6FqqubmtjQRUp3mnvXnGwZ LWjDm//FBv7BOtr7ftwiLPhpFPZTRh3kzANsLHkIb1o4rjeOo3L8pcQeBzQLRM8b 24b1CQOZvjBfMYgWj3yKYHggYllw1go= =pvLD -END PGP SIGNATURE- -- *Richard Harley* ScholarPack Follow us on Twitter http://twitter.com/spschools Tel: 01754 871243 ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Forum
Hello all Are there any current forums which integrate into Zope nicely? I have tried Zforum and Squishdot in the past but I don't think either of these two have been updated in quite a while? Thanks Rich ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Forum
Ah, ok , thanks - worth a shot :) On 06/01/11 13:12, Andreas Jung wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Richard Harley wrote: Hello all Are there any current forums which integrate into Zope nicely? I have tried Zforum and Squishdot in the past but I don't think either of these two have been updated in quite a while? There is no reasonable forum solution for plain Zope 2. - -aj -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQGUBAEBAgAGBQJNJb/GAAoJEADcfz7u4AZjwdQLv2ZU03N7MJvtOSPXP+A9ir61 s+n2NnvkXOKBXzOv5tq/qxGcMvGkgt4SR8Xin/nT/KI4B7S1KAc/0gKIDdKX+yDu 5QImZBM2et8w4hPeUX6Lv1RAGcL+PbWl25rFTR0ziqquriX90/xZf+v6HgMQixP8 m3zox69iolsHaC7+tS3dYlNlETedS1k0KBbksC34MAcy/U2fHoIH/5YAzinfnkL1 bv1n1kQYAJ3mkHkZ7YgVhppguPqe4vxQ/dkAAxkNOz2FHee0nEARgTljHv8BwsSj RgQLehpCWgAiN6rxzTuZJ3v44L08Gd9zdiPGlhpRpO/zp5ihmVVNUHk8C5zDPgTT jeGZx/iE3VQfY1IeZo5ylzz3L+lzQMpZe2vXAJiBwU8AjJkCfZPpnPOIw2zcGtAm 7N1tKzig5RGK0u2YYSR86jYls2WabbAhoRmoFXClU7eKrt0rm+YjsZ0cQVdzDeEy Zf5MWmwbuantBdeQc6EqkidsbOWiqJE= =2gOP -END PGP SIGNATURE- ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Question about Upgrading Zope and OS X Server
I think earlier than Zope 2.12 python 2.4 is mandatory.. don't quote me on that :) On 09/12/10 06:52, Dan Gaibel wrote: So OS X Server Snow Leopard comes with Python 2.6.1. Is there any reason to think that this Python version would cause problems with Zope 2.8.6? We have had nice stability with Python 2.3.5. Either way, is Zope 2.8.7 a significantly better choice than 2.8.6? On Dec 8, 2010, at 8:22 AM, Richard Harley wrote: Dan - we are using 64bit Zope 2.8.7 and python 2.4 with no problems for years now. It can do everything we want with regards to Python scripting, database connectivity etc. I can't think of any huge problems with staying on Zope 2.8.6/7 era. I have said before 2.10+ breaks lots of products that would take ages to hack about (especially for companies using Zope not individuals with time on their hands). I'm all for upgrading, bug fixing and refactoring normally, but the backwards compatibility with Zope makes it harder than it should be. Rich On 08/12/10 12:11, Peter Bengtsson wrote: We're running several perfectly working 2.8 Zopes. They've been very stable. Annoying that Ubuntu insists on making Python 2.4 hard to install but for some of the servers we've changed back to Debian. On 7 December 2010 16:58, Dan Gaibeld...@cornell.edu wrote: Good advice here, thanks! Is it a big mistake to stay at Zope 2.8.6? The server has been very stable for years, apparently. What are the downfalls of not upgrading all the way past 2.10? On Dec 7, 2010, at 2:40 PM, Andrew Milton wrote: +---[ Tres Seaver ]-- | -BEGIN PGP SIGNED MESSAGE- | Hash: SHA1 | | On 12/07/2010 01:18 PM, Dan Gaibel wrote: | | I have recently inherited the responsibility of supporting a fairly | complex web server running Zope 2.8.6 on Python 2.3.5. This | configuration is currently on a Linux (Fedora Core) server and I | would like very much to migrate to OS X Server Snow Leopard. It also | seems to me that I should consider upgrading Zope to a more current | release while I'm at it. We heavily use MySQL and associated | products, LocalFS, and the Python Imagining Library. We have a | variety of ZClass homegrown products as well. | | I know that I'm in for a headache no matter what, but I wonder if any | of you folks could point me in the right direction or offer advice on | the situation. Is it crazy to jump from 2.8.6 to 2.12? Does anyone | use OS X Server for Zope? Is this migration a mistake? Any pitfalls I | should be looking out for? | | I would do this in small steps, e.g. first migrate to the new machine / OS: | | - - Get Python 2.3.x installed on the OS/X server. | | - - Build the latest Zope 2.8.* on that server. | | - - Install and test products there in the same versions you now use. | | - - Copy your old database over and test. | | then upgrade the software stack: | | - - Move carefully through the Zope releases (I would to 2.9, 2.10, and' | 2.12), upgrading Python as needed to stay on a supported version. | | - - Check for upgrades to the products, and their compatibility with | Zope versions. Test them, and your site. after each upgrade. The move from 2.9 to 2.10 is likely to be the most painful part in terms of legacy Zope apps. A lot of products will break on 2.10 -- Andrew Milton a...@theinternet.com.au ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Question about Upgrading Zope and OS X Server
Dan - we are using 64bit Zope 2.8.7 and python 2.4 with no problems for years now. It can do everything we want with regards to Python scripting, database connectivity etc. I can't think of any huge problems with staying on Zope 2.8.6/7 era. I have said before 2.10+ breaks lots of products that would take ages to hack about (especially for companies using Zope not individuals with time on their hands). I'm all for upgrading, bug fixing and refactoring normally, but the backwards compatibility with Zope makes it harder than it should be. Rich On 08/12/10 12:11, Peter Bengtsson wrote: We're running several perfectly working 2.8 Zopes. They've been very stable. Annoying that Ubuntu insists on making Python 2.4 hard to install but for some of the servers we've changed back to Debian. On 7 December 2010 16:58, Dan Gaibeld...@cornell.edu wrote: Good advice here, thanks! Is it a big mistake to stay at Zope 2.8.6? The server has been very stable for years, apparently. What are the downfalls of not upgrading all the way past 2.10? On Dec 7, 2010, at 2:40 PM, Andrew Milton wrote: +---[ Tres Seaver ]-- | -BEGIN PGP SIGNED MESSAGE- | Hash: SHA1 | | On 12/07/2010 01:18 PM, Dan Gaibel wrote: | | I have recently inherited the responsibility of supporting a fairly | complex web server running Zope 2.8.6 on Python 2.3.5. This | configuration is currently on a Linux (Fedora Core) server and I | would like very much to migrate to OS X Server Snow Leopard. It also | seems to me that I should consider upgrading Zope to a more current | release while I'm at it. We heavily use MySQL and associated | products, LocalFS, and the Python Imagining Library. We have a | variety of ZClass homegrown products as well. | | I know that I'm in for a headache no matter what, but I wonder if any | of you folks could point me in the right direction or offer advice on | the situation. Is it crazy to jump from 2.8.6 to 2.12? Does anyone | use OS X Server for Zope? Is this migration a mistake? Any pitfalls I | should be looking out for? | | I would do this in small steps, e.g. first migrate to the new machine / OS: | | - - Get Python 2.3.x installed on the OS/X server. | | - - Build the latest Zope 2.8.* on that server. | | - - Install and test products there in the same versions you now use. | | - - Copy your old database over and test. | | then upgrade the software stack: | | - - Move carefully through the Zope releases (I would to 2.9, 2.10, and' | 2.12), upgrading Python as needed to stay on a supported version. | | - - Check for upgrades to the products, and their compatibility with | Zope versions. Test them, and your site. after each upgrade. The move from 2.9 to 2.10 is likely to be the most painful part in terms of legacy Zope apps. A lot of products will break on 2.10 -- Andrew Milton a...@theinternet.com.au ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] change permission of image
Thanks Andreas On 16/11/10 13:47, Andreas Jung wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Richard Harley wrote: Just want to find out how to change the permissions of a file/image using a python script and can't see this in the documentation. Any ideas? obj.manage_permission(permission, roles, acquire). Check the AccessControl API. - -aj -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQGUBAEBAgAGBQJM4ot3AAoJEADcfz7u4AZjkmILwM+gL8BhahLdDTUYvPvl99YG gAunc2MhJxohTgz3Sk0BtrHAFHEYQqnfRBS0OMEQmZYKgJ0ysewKBX0CQ9yhwokL SyHMdROLN6+v2e1knE8hp/98ZM4uAZSP1piFEoZwVYlO8VgLruKfH0CcmxHY4QZn GJs/TC4kOf0MH2u0Aqc0LxgAh02cOksx7cZYJHAuccPNVviK2Uia3ie+6RM0gmtv KhZ9EQxEZ9Xr1y++BgifqI547Nvp63iHzXpJ/ckeUG9VHJFo8i+b1HVCe5DMKC1Q Sx1vSwuE0hqRvgs0whVNQkYIM4Dj7rK9+FlJmng01HNO/hvo8jAiWg/WQmBwtCqw L78ebuO3YDS/q/MRner0oFdh3CXUOCyCyvdB9UdkPVhicGr8/4ORxPqxZtBSKVjD S6ersmrn6I8UgiCCnQEz6sTDvwnHTzB+BB0kq2xFeTSHNK6EbU9FybxdkLyC Z+M7hYqMNvb2z4p8+JjGzaTd01YtWqY= =6EI9 -END PGP SIGNATURE- ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Zip Folder
Hello all I have been using Zope 2.9 - which works with the zip folder product. Now I upgraded to Zope 2.13 but the zip folder product does not work. Is there an equivalent, or another way of unzipping folders straight into the filesystem? Thanks Richard ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zip Folder
Here's the error log: /2010-11-02T20:29:04 ERROR Application Couldn't install ZipFolder Traceback (most recent call last): File /Zope2-2.13.0c1/zope/lib/python2.7/site-packages/Zope2-2.12.3-py2.7-linux-x86_64.egg/OFS/Application.py, line 646, in install_product global_dict, global_dict, silly) File /home/Zope/Products/ZipFolder/__init__.py, line 1, in module from ZipFolder import * File /home/Zope/Products/ZipFolder/ZipFolder.py, line 60 SyntaxError: Non-ASCII character '\xf6' in file /home/Zope/Products/ZipFolder/ZipFolder.py on line 61, but no encoding declared; see http://www.python.org/peps/pep-0263.html for details/ It is 9 years old now I think - but I haven't seen a substitute! Richard On 03/11/10 13:02, Andreas Jung wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Richard Harley wrote: Hello all I have been using Zope 2.9 - which works with the zip folder product. Now I upgraded to Zope 2.13 but the zip folder product does not work. Does not work means what exactly? - -aj -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQGUBAEBAgAGBQJM0V1rAAoJEADcfz7u4AZj/qkLwJMsGGhUo70cHkmeSKBkgC8i 9UArhVfwinY9mF3laKb8ZebHbipytViCtfM8ZHSgSZlh/ZfT45BfsdREMQaCw5Vw m4ayC+ekqWdG/x4Tf/23njXfksQjTKlqu6dHxSbbqEgzX3wPEK4NPPdaMa68n1P1 0ADs6oVQDxdzTlNe81T/j03Bdg8apOHErpLOg07VbYcGqMHzRTc7wPDdYPFA22si +MOtRry4cx4i0YzLfAQhLQqhWSdv/uWSEejz4DC+VOs8iQzliiUHUJSar8pL81Eo /nPW+Ngi5H537EUxxfTBGTA19X/f6HlG7opPEfibskylPaYRdvoZVP6Y8r46bl54 lU3y7MIgyQiyPnQlyrNZwtMQYEL8Uh02M0QhBlpaXKA29Dg+cIMmoXcUotQ+nbAL CNVc+QmxBPLI1jiX85p6yp4LyLyuR4wFDqcA8PYRyBjzqdvFd4j58pbaHg5mMloQ U4v95uUbh4jidGVdwETfiPvlBVkCMt0= =VWvl -END PGP SIGNATURE- ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Zip Folder
OK thanks, I'll have a look. I didn't want to waste time hacking around old products initially. I guess there's not much demand for this then, because it would have been done and released otherwise. I'm surprised it's not a staple part of a zope installation though. Richard On 03/11/10 14:12, Andreas Jung wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Richard Harley wrote: Here's the error log: /2010-11-02T20:29:04 ERROR Application Couldn't install ZipFolder Traceback (most recent call last): File /Zope2-2.13.0c1/zope/lib/python2.7/site-packages/Zope2-2.12.3-py2.7-linux-x86_64.egg/OFS/Application.py, line 646, in install_product global_dict, global_dict, silly) File /home/Zope/Products/ZipFolder/__init__.py, line 1, inmodule from ZipFolder import * File /home/Zope/Products/ZipFolder/ZipFolder.py, line 60 SyntaxError: Non-ASCII character '\xf6' in file /home/Zope/Products/ZipFolder/ZipFolder.py on line 61, but no encoding declared; see http://www.python.org/peps/pep-0263.html for details/ It is 9 years old now I think - but I haven't seen a substitute! Well - read tracebacks can be helpful...first look at line 61 of the file and eventually fix it yourself (you see the URL for the particular reason). - -aj -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQGUBAEBAgAGBQJM0W3BAAoJEADcfz7u4AZjgaELwM5ir7CE8IXwcIccUhW91KL1 zXSekJz3EXIliXOBVL3+XfzEOdDZJ/H/h1Wivm293jbZcZDpZ/SfDeD1vUgBVNsX 7i18e+cZRhs6wqFoKyBxFKtMFc1oMdWz/rXJe88ZOPNmzMZyNzDaaeO20kCwjvR2 Ziqyd31mpe8zF5vZHFPw6fDhaBruH2pIqNbzR9xl/jKuVWdRNK/bmT2Ah5t3vQKe zPBcHU/2re/zcHYGxAkjTDBOmvXNP7fYt+wCFVDl6swWVUUVywYjFY4rkLQIrFTM Sga7STpPw50J2JK81G6aPeJCS6hZ/POBkPFLmJoj9es6B3B4YpxU69j2M/MZUAsk 9GJSwOqta99PoD0uXaTJfWFT+0UQbn5Ia9hwJ057kyKtOAaSkjH4e7RhA7ItNSC1 /Qc4ufy/fCN93+sjwQ5LqPHhWcRwMjTRCNeoc7XllD7n6ePGi+BCYEMHiQWPf6SX sV2KjvM6ZT7gHNrrSCVSDABo/VyCe28= =DxKD -END PGP SIGNATURE- ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Logging a user onto zope
Hello all I'm trying to log someone onto Zope not using acl_users - how does this work? Ideally I want to pass variables through a logon page, authenticate against a postgres table then let the user have access to a certain folder. I tried ExUserFolder but it seems over the top for what I want and very dtml-heavy. Thanks Richard ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope-DB] Zope-DB Digest, Vol 72, Issue 1
Please can someone explain why ORM is better than speaking directly to the database? Isn't this just adding another layer of complexity which in huge databases is certainly not needed. On 24/08/10 17:00, zope-db-requ...@zope.org wrote: Send Zope-DB mailing list submissions to zope-db@zope.org To subscribe or unsubscribe via the World Wide Web, visit https://mail.zope.org/mailman/listinfo/zope-db or, via email, send a message with subject or body 'help' to zope-db-requ...@zope.org You can reach the person managing the list at zope-db-ow...@zope.org When replying, please edit your Subject line so it is more specific than Re: Contents of Zope-DB digest... Today's Topics: 1. ZSQL Question - Insert multiple rows in one statement? (Mark Phillips) 2. Re: ZSQL Question - Insert multiple rows in one statement? (Andreas Jung) 3. Re: ZSQL Question - Insert multiple rows in one statement? (Sascha Gottfried) -- Message: 1 Date: Tue, 24 Aug 2010 08:03:21 -0700 From: Mark Phillipsm...@phillipsmarketing.biz Subject: [Zope-DB] ZSQL Question - Insert multiple rows in one statement? To: zope-db@zope.org Message-ID: aanlktinwd33h-hp1upzwlyofl3u12qcfdz9pjmvdy...@mail.gmail.com Content-Type: text/plain; charset=iso-8859-1 When I retrieve multiple values from a selection box, I need to create a loop somewhere to insert the multiple values (rows) into a table. Is there a way to do this within a ZSQL statement, or is it best to do the looping in a Python script? My specific example table 1 (Players) has information about players (i.e. team members for a sports team). There is a primary key - playerID table 2 (Seasons) has information about each season - primary key is seasonID table 3 (PlayerSeasons) has two columns - playerID and seasonID. The form to crud a player has a combobox where one can select multiple seasons for a player. When I do an add or update, I have to add one or more rows to the PlayerSeasons table. Does this loop have to be in a Python script, or can it be implemented in ZSQL? I looked at the 'multiple' keyword, but all the examples indicate that it apples to sql tests, such as testing against a set of values. I can't seem to find any examples where one is inserting multiple rows into a table. Thanks! Mark -- next part -- An HTML attachment was scrubbed... URL: http://mail.zope.org/pipermail/zope-db/attachments/20100824/e5237d80/attachment-0001.html -- Message: 2 Date: Tue, 24 Aug 2010 17:06:21 +0200 From: Andreas Jungli...@zopyx.com Subject: Re: [Zope-DB] ZSQL Question - Insert multiple rows in one statement? To: Mark Phillipsm...@phillipsmarketing.biz Cc: zope-db@zope.org Message-ID:4c73dfed.2000...@zopyx.com Content-Type: text/plain; charset=iso-8859-1 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I would assume that you can use DTML-IN for looping and generating multiple SQL statements of the same kind. You have to ensure that the statements having a proper delimiter (there was something in DTML?! DTML-SQLDELIMITER?...no idea, you need to checks the docs of this ancient technology). - -aj Mark Phillips wrote: When I retrieve multiple values from a selection box, I need to create a loop somewhere to insert the multiple values (rows) into a table. Is there a way to do this within a ZSQL statement, or is it best to do the looping in a Python script? My specific example table 1 (Players) has information about players (i.e. team members for a sports team). There is a primary key - playerID table 2 (Seasons) has information about each season - primary key is seasonID table 3 (PlayerSeasons) has two columns - playerID and seasonID. The form to crud a player has a combobox where one can select multiple seasons for a player. When I do an add or update, I have to add one or more rows to the PlayerSeasons table. Does this loop have to be in a Python script, or can it be implemented in ZSQL? I looked at the 'multiple' keyword, but all the examples indicate that it apples to sql tests, such as testing against a set of values. I can't seem to find any examples where one is inserting multiple rows into a table. Thanks! Mark ___ Zope-DB mailing list Zope-DB@zope.org https://mail.zope.org/mailman/listinfo/zope-db - -- ZOPYX Limited | zopyx group Charlottenstr. 37/1 | The full-service network for Zope Plone D-72070 T?bingen| Produce Publish www.zopyx.com | www.produce-and-publish.com - E-Publishing, Python, Zope Plone development, Consulting -BEGIN PGP
Re: [Zope-DB] Zope-DB Digest, Vol 72, Issue 1
Hmmm..If the database was modeled properly in the first place if wouldn't be referenced in many different places therefore it would not require changes in tons of SQL methods. SQL code isn't complicated, it does exactly what it says on the tin! (most of the time :)). ORM encourages lazy programming = problems later down the line. On 25/08/10 11:09, Andreas Jung wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Richard Harley wrote: Please can someone explain why ORM is better than speaking directly to the database? Isn't this just adding another layer of complexity which in huge databases is certainly not needed. Modifying the database schema (adding a new field) requires usually changes in tons of SQL methods..updating your ORM schema definition usually takes only one or a few lines of code. Or why the hell do you want to write complicated SQL code (I remember legacy code of a co-worker to tons of complex JOINs) yourself while you could implement the same functionality in much nicer way using Python? If you ask me: writing SQL is for masochists. - -aj -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQGUBAEBAgAGBQJMdOvsAAoJEADcfz7u4AZjqyALwNWRbc5Pz3keM2x1wkDQfwfU WdtHLdNvLO6jIRMadMjlO4lOgPU0/ANIlkrUFgmstiEkpEt4zj8IIBWYZfdkrryo 6Cb5OeYN+/stFURDSdqGPViJYxybbPFd2pmcX5HW9W9msxIsZsC7mmjLWgUWQEY4 XXZBLbSTWB3DQt1gOXXNrntPzuSopad6QUb/Pqb/JWF7dtE3WYFY2/ar0YWOd/iU I7K3rKSTnQaBiDBwFrdrm/hHgeA34zlCs4M0qb8tWKCLsafwYNojAxdF28ScLSBD pHbxmcQY3aRqkHFPC1DZLqJNmMqbDitIpeUqgx6oLIc73trk2znRmT/HHFP+UhWU K72Qs6fBfEu1dvJYCA2iKFk2aE83ckqbdQnpwYtL0S3pVY3V5s1Z1ZQ4T1rz4+19 BnuClXsZEWxfn8nn3uNZ0kpv9RI3Tw2qRgd4L5vk1s/mCFCRUi1riCKkEb/U8ygI kiJw/Zv6hJrgY74ZA67sfaymJ6hrSfE= =JGcb -END PGP SIGNATURE- ___ Zope-DB mailing list Zope-DB@zope.org https://mail.zope.org/mailman/listinfo/zope-db
[Zope] commit problems psycopg
We have had a problem with postgresql 8.3 on a Windows server 2008. I wonder whether there has been any other experiences like this. We have connected to Potsgres from Zope via a Psycopg adapter and noticed that sometimes when data is inserted via a form in Zope, the data is available in Zope but doesn't get committed to the database. This has come to a head over the weekend where at least one month's worth of data has disappeared and this includes changes to the actual database structure - luckily only on a testing machine, but concerning nevertheless. The data seemed to disappear after we upgraded to the most recent version of Zpsycopg2 database adapter, previously we were using version 1 (I know it's old, we are only testing after all) and have never had these sorts of problem before. It's almost as if all the data and changes to the db were held in memory, and Postgres continued to work fine from there, but when the db adapter was changed and Zope restarted everything was cleared from memory. Has anyone had similar experiences or can anyone cast any light on where the problem may lie. To us it seems the db adapter is the most likely candidate but we can't understand how this could happen, explanations also welcome. Have posted this to psycopg list too. Thanks ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] adding swfobject in zope2
On 19/08/10 10:02, Tapas Mishra wrote: I am using a Content Management System known as eduCommons. As per suggestions on this list I want to embed swfobject in it. I googled Zope2 documents since eduCommons is based on Zope2. Following results http://www.google.co.in/search?hl=enq=adding+swfobject+to+zope2aq=faqi=aql=oq=gs_rfai= did not gave me any link to the documentation. Please give some link on Zope2 documentation page as how can I add an swfobject in header section of eduCommons html pages. I had asked this question on their forum http://educommons.2416974.n2.nabble.com/how-to-integrate-swfobject-in-Zope-using-eduCommons-tp5439418p5439418.html but there was no response regarding this. I have static HTML pages for this which are working. Something like this? http://code.google.com/p/swfobject/wiki/documentation ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Storing DTML in SQL
On 19/08/10 09:37, robert rottermann wrote: Am 18.08.2010 18:56, schrieb Andrew Milton: +---[ robert rottermann ]-- | I think storing dtml in a db is wrong by design. | I do lots of dynamic websites that are generated from external data. | i had no need for a single line of dtml yet ... I've seen it used a lot in PHP systems like PHP-Nuke, where the widget code is executed out of strings in the db. Whether it's necessary or not in this instance is debatable. there is an important difference between php based systems and zope. a php site is made up from a bunch of code snippets embedded in html that are fed into a php interpreter. where these snippets come from is unknown to the php interpreter. one of the reasons (I assume) that such systems tend to be riddled with security problems zope is an application server that sits between the internet and the (physical) server on which it runs. it so divides its univers in an unsave and a save part. everything that comes from the internet, that includes operations performed TTW (trough the web), is unsave and must be authenticated against zopes strict permission system. everything that comes from the server side (eg. from files loaded from the server) is considered save and is not security screened (or at least not as tightly). zopes application server offers you two ways to create dtml objects. TTW and from a file. one tightly screens one less so. now what you propose is a third way. get the dtml objects from a database. this could for sure be done but.. you have to write a kind of interpreter that creates an dtml object, sets up its context, executes it and manipulates its own environment in a meaningful way. next to that this interpreter has to set up its own security context to avoid to punch holes into zopes defenses. you can imagine, this is no easy chore. and it would probably be foolish if one tried to implement it. dtml is just not the way to go. it is a dead end (its developer decided so). it is replaced by tal and zope 3 (now bluebream) components that are far more powerfull and flexible. and, alas, not THAT easy to grasp robert By far the majority of new deployments use zope 2 though... ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Storing DTML in SQL
On 18/08/10 17:38, Andrew Milton wrote: +---[ Garry Saddington ]-- | Andrew Milton wrote: | +---[ Garry Saddington ]-- | | Garry Saddington wrote: | | Justin Dunsworth wrote: | | I am currently working on a project where I am storing HTML within a | | MySQL database to display dynamic pages and content in sequences. I | | would like to be able to store DTML within the tables as well and be | | able to call them within the page to display that content. I tried | | mixing the DTML in with the HTML and it shows the HTML correctly but no | | DTML. | | | | Is it possible to even do this? Are there other suggestions on how to go | | about this? | | | | The closest I have found is on Zopelabs | | (http://www.zopelabs.com/cookbook/1078612026) | | | | Sorry wrong recipe try this: | | | | http://www.zopelabs.com/cookbook/993850737/1011691351 | | Do I really have to explain why that particular recipe is a bad idea? d8) | | Just trying to be helpful. I did say that it was the only thing I can | find and I did not recommend it. | If you would care to share the problems of the recipe on the list then I | am sure all those reading who are new to Zope would benefit;) Since python scripts are web callable and something has to be passed in... The phrase execute arbitrary code is nearly always quickly followed by the phrase remote exploit and lots of sad faces (and then some finger pointing d8) If that is the case, aren't all python scripts within Zope potentially exploitable? ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] zexp import fails from linux to windows due to image file paths
i do not think that it is the zexp import machinery that fails but the product that handles these external images. so you have to fix that product that it does not chocke when it can not read a file. robert Hi, Thanks for all your replies. Robert, I modified the products causing the errors as you suggested and was able to import the zexp without any problems, thanks! Richard. ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] zexp import fails from linux to windows due to image file paths
Hi, I have an old zope based site that was hosted on a linux machine that was exported to a zexp. i am trying to import it onto a windows machine to fix up and upgrade the site. the windows machine is setup wth the identical products etc. The problem is the image file paths for linux within the zexp do not match the new windows setup. I dont need the images imported, i'm wanting to access the main site content and users. I dont have access to a linux machine anymore, so i'm stuck with windows for development. Is there a way of getting the import procedure to ignore the errors and continue the import (i.e. any hints on how to modify the zope code)? Or is there a way to edit the zexp to do a search remove/replace of the file path names so the import completes with no file path details? Any ideas greatly appreciated as I have searched around with no luck on answering this myself. Thanks ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] zexp import fails from linux to windows due to image filepaths
Quoting Jaroslav Lukesh [EMAIL PROTECTED]: You need to export your website folder as ZEXP in XML format. Then you could edit this file at search/replace basis. But before this, try to re-import this ZEXP file, if it is able to import (not all zexp exports are able to reimport). Regards, JL. Thanks for the reply JL, re-importing into the original server and exporting in XML is not an option as I don't have the server anymore, only a Windows machine. If editing the existing ZEXP is not possible, is it possible to modify the actual zope code temporarily, to ignore the mismatch of file paths (or to modify the paths from linux to windows during the import process)? Thanks, Rich ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-DB] Reference DTML-sqlvar in ZPT?
Dear list, I have a ZPT that lists results from a Z SQL Method. It has one argument: dropdown-department. Everything works fine, except I cannot find a way to include the passed SQL argument as a string in the ZPT document! To explain it in another way, a user selects a value from a drop-down list. This value is passed to a Z SQL Method. My ZPT displays these results, and I need to include the passed value (DTML-sqlvar) in a heading in the ZPT. Any help would be much appreciated. Richard ___ Zope-DB mailing list Zope-DB@zope.org http://mail.zope.org/mailman/listinfo/zope-db
Re: [Zope-DB] Reference DTML-sqlvar in ZPT?
quote who=Charlie Clark Am 30.07.2007, 18:55 Uhr, schrieb Richard Flaaten [EMAIL PROTECTED]: Dear list, I have a ZPT that lists results from a Z SQL Method. It has one argument: dropdown-department. Everything works fine, except I cannot find a way to include the passed SQL argument as a string in the ZPT document! To explain it in another way, a user selects a value from a drop-down list. This value is passed to a Z SQL Method. My ZPT displays these results, and I need to include the passed value (DTML-sqlvar) in a heading in the ZPT. Neither explanation is particularly helpful but it sound like you're trying to do something you shouldn't! You if you are wishing to call a ZSQL method and pass in a parameter from your template this is done using a Python expression: tal:content=python: mySQLMethod(SQLvar=ZPTvar)... You can pass variables into a PageTemplate using the options dictionary. You might want to look at my presentation (with sample code) which touches on Zope and RDBMS. http://www.egenix.com/library/presentations/EuroPython2007-Zope-and-RDBMS/ Charlie -- Charlie Clark eGenix.com Dear Charlie, Thanks for your input. All I want to do is use the dtml-sqlvar argument as a string in my ZPT. My ZPT is simply a report containing the results of the SQL query; I need to use the argument as a title for the page. I am not passing any arguments in the ZPT. Richard Richard Flaaten [EMAIL PROTECTED], mobil 905 87 330] ___ Zope-DB mailing list Zope-DB@zope.org http://mail.zope.org/mailman/listinfo/zope-db
Re: [Zope-DB] Reference DTML-sqlvar in ZPT?
I guess my questions are confusing since I am new to Zope. The dtml-sqlvar is already defined; the results from the Z SQL Method are already presented; I just want to remind the user of what they passed to the Z SQL Method. In other words, I only want to print what they selected from a drop-down list and passed to the Z SQL Method. I just want to print an already defined variable. The problem is: how to print a dtml-sqlvar in ZPT? I tried p tal:replace=dtml-sqlvar/dropdown-selectiondropdown-selection goes here/p Which did not work. Richard quote who=Charlie Clark Am 30.07.2007, 19:18 Uhr, schrieb Richard Flaaten [EMAIL PROTECTED]: Richard, although this is actually a ZPT issue and nothing specific to do with RDBMS. All I want to do is use the dtml-sqlvar argument as a string in my ZPT. My ZPT is simply a report containing the results of the SQL query; I need to use the argument as a title for the page. I am not passing any arguments ^ in the ZPT. Your explanation is self-contradictory: you seem to want to use an argument within ZPT without passing it or defining it? Please provide a code snippet. Charlie -- Charlie Clark eGenix.com Professional Python Services directly from the Source Python/Zope Consulting and Support ...http://www.egenix.com/ mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/ mxODBC, mxDateTime, mxTextTools ...http://python.egenix.com/ Try mxODBC.Zope.DA for Windows,Linux,Solaris,MacOSX for free ! eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 ___ Zope-DB mailing list Zope-DB@zope.org http://mail.zope.org/mailman/listinfo/zope-db
Re: [Zope] Suggestion for an opensource barchart/piechart graphic package in python
On Sunday 18 February 2007 08:24, Marco Bizzarri wrote: On 2/17/07, Bill Campbell [EMAIL PROTECTED] wrote: On Sat, Feb 17, 2007, Marco Bizzarri wrote: Hi all. I'm looking for an alternative to python gdchart for barchart/piechart in a web application. I'm looking to python gdchart 2, but I'm not sure on the status of maintenance of the project itself. I like gnuplot which makes it pretty easy to create a wide variety of plots. I know gnuplot; what is the support for python? Google. gnuplot python It's not hard. Richard ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Foreground, but not debug.
Is there a way to run zope in the foreground, but not in debug mode? Debug means that it runs very slowly, and I want to run it under the control of a supervisor (runit). zopectrl -fg doesn't seem to recognise the zope.conf setting. I'm new to zope, but it seems to do what I require. Thanks in advance. R. ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Re: Foreground, but not debug.
Martijn Pieters wrote: On 9/17/06, Richard Downing [EMAIL PROTECTED] wrote: Is there a way to run zope in the foreground, but not in debug mode? Debug means that it runs very slowly, and I want to run it under the control of a supervisor (runit). zopectl fg forces the debug setting; use runzope instead, especially when you are using your own supervisor. Thanks. It works. R. ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] download a file in a specific folder in the filesystem
If you just want the file to be downloadable from say a web page served by zope you could make an object on your zope system (say a page template) that renders a page with a link to the file you wish to make available. The file would have to accessible to your web server. On 24 Aug 2006, at 16:00, Alan wrote:Dears,I would to know how to download a file generated by a program outside zope.I mean, I would like to download a file via zope webserver and such afile is located outside the zope space. Since zope treats everythingas a object I have know idea of how "importing" the link to a fileinside zope space.I would thank in advance any help.Cheers,Alan-- Alan Wilter S. da Silva, D.Sc. - Research AssociateDepartment of Biochemistry, University of Cambridge.80 Tennis Court Road, Cambridge CB2 1GA, UK. http://www.bio.cam.ac.uk/~awd28 ___Zope maillist - Zope@zope.orghttp://mail.zope.org/mailman/listinfo/zope**  No cross posts or HTML encoding! **(Related lists - http://mail.zope.org/mailman/listinfo/zope-announcehttp://mail.zope.org/mailman/listinfo/zope-dev ) Richard Phelps Senior Lecturer in Nephrology Renal Autoimmunity Group, MRC Centre for Inflammation Research, The Queen's Medical Research Institute 47 Little France Crescent Edinburgh EH16 4TJ Tel (44) 131 242 9164 Fax (44) 131 242 9168 ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope-dev] 2.9.4? reStructuredText support?
On Sunday 09 July 2006 22:56, Jim Fulton wrote: Whoever integrated reST didn't even read the documentation, much less the code. FWIW. The ZReST product was originally released by me around 2002 - before those directives existed. According to the docutils HISTORY file, the directives themselves added in 2003. The *warning* about them was added in 2004. The configuration to *disable* them appears to have been added in 2005. What the hell docutils was doing turning this feature on by default... Richard ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope] ConflictError with *one* ZEO client?
On Wednesday 28 June 2006 18:12, Jens Vagelpohl wrote: On 28 Jun 2006, at 03:24, Richard Jones wrote: I've got a zopectl script I'm trying to run with the zopectl run command. It crashes out with a ConflictError even if there are no other ZEO clients connected to the ZEO store. I've restarted the ZEO store, no change. Having just one ZEO client will not mean you get no conflicts. Having more than one client just means there is a higher chance that two operations will concurrently modify the same object and cause them. If you're running a script you should tell us what the script does. The script merely modified a bunch of objects in the ZODB. Beyond that, there's not much that I can usefully tell you. I'm using Zope 2.8.5. As part of maintenance today I restarted the ZEO clients server, while removing the ZEO caches from the clients. I can no longer reproduce the problem. Richard ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ConflictError with *one* ZEO client?
On Wednesday 28 June 2006 18:31, Jens Vagelpohl wrote: Are you using persistent ZEO caches? Those have been known to cause odd symptoms here and there... What do you mean by persistent? I have noticed strange beahviours if I don't remove the caches when I do a full (client + server) restart. Removing the .zec files is part of my standard full restart maintenance routine now. Richard ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ConflictError with *one* ZEO client?
On Thursday 29 June 2006 06:13, Dieter Maurer wrote: Richard Jones wrote at 2006-6-28 11:24 +1000: it crashes out with a ConflictError even if there are no other ZEO clients connected to the ZEO store. Usually, a ConflictError does not crash Zope... Sure, we requests are retried, but zopectl run doesn't do that. Since we upgraded to 2.8 we see a few ConflictErrors propogated up through to users each week. Richard ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] ConflictError with *one* ZEO client?
I've got a zopectl script I'm trying to run with the zopectl run command. It crashes out with a ConflictError even if there are no other ZEO clients connected to the ZEO store. I've restarted the ZEO store, no change. Any advice? Ideas? Richard ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ConflictError with *one* ZEO client?
On Wednesday 28 June 2006 11:35, you wrote: Which Zope are you using? Set the logging level to BLATHER and try running with runzope rather than zopectl and see what happens. The event log should help localize the problem. Be sure to check both the ZEO logs and the Zope logs. Also, it helps if you post the traceback. Quite so, I apologise for the apalling lack of detail in my post. I'm going to try to reproduce the problem in a few hours. I'll post details then. Richard ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Multiple SUBMIT images on one form
I gather that the problem whereby having more than one IMG submit on a single form causes some browsers (IE but not firefox) problems is well known. The problem is solved by using the positional attributes x,y in a cgi script. However, using Zope I cannot see how to access these atributes anmd certainly request.form does not appear to give me enough information to assertain which button has been submitted. I'll confess to still using 2.7.2 so someone may tell me it's fixed..or is there a workaround? Rick ___ To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Multiple SUBMIT images on one form
Andrew Milton wrote:
+---[ Richard Smith ]--
| I gather that the problem whereby having more than one IMG submit on a
| single form causes some browsers (IE but not firefox) problems is well
| known. The problem is solved by using the positional attributes x,y in
| a cgi script.
|
| However, using Zope I cannot see how to access these atributes anmd
| certainly request.form does not appear to give me enough information to
| assertain which button has been submitted. I'll confess to still using
| 2.7.2 so someone may tell me it's fixed..or is there a workaround?
Off the top of my head;
request.name_of_image.x should work.
request.form.name_of_image.x should work too.
I haven't tried this for a while though, but, it's a quick thing you can try.
Ah yes, thanks for the pointers.
I was using BUTTON...IMG./BUTTON.
Moving to INPUT type=image name=fredINPUT
type=image... name=bill gives
request.form.bill={x:,y:.} if bill is clicked. And it works in IE.
Thanks
___
Yahoo! Photos – NEW, now offering a quality print service from just 8p a photo http://uk.photos.yahoo.com
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] What did your Zope server do in 2005?
On Wednesday 04 January 2006 02:11, Kirk Strauser wrote: On Monday 02 January 2006 08:10, Jake wrote: I sent this out last year and thought it would be fun to see how Zope's did in 2005. Pages:6,580,999 Hits: 37,137,283 Bandwidth: 142.12 GB Hardware: AMD Athlon 64 3200+ 2.0Ghz, 2GB DDR Ram, SCSI Raid 1, RH ES 2.1 Zope: 2.7.4, CMF 1.4.7, Plone 2.0.5 What did you gather that information with? Just parsing the log files? Anyway, here's ours: Pages: 2.9 million (approx) Hardward: Xeon 2.4GHz (HTT disabled), 2GB RAM, FreeBSD 6.0, single SCSI-320 drive. Zope: 8 instances of 2.7.8, hanging off a single ZEO server, and load-balanced (random selection) by an Apache 2.0.55 proxy on the same machine. I don't have complete stats for the whole year, but from Feb 2005 to today we did: Hits: 23,359,722 Pages: 10,977,747 Peak rate: 18,998 hits per hour Setup: 2 dual AMD Opteron 244 machines, 2GB RAM, Debian, with pydirector load-balancing them and apache out the front with the vhost mappings (we have a bazillion vhosts). One machine is also ZEO server with lotsa RAID disk, the other is just a grunt box with CPU, RAM and little else. Zope: 2.7.6 We have five ZEO clients (one per CPU plus an extra). One of them is dedicated to serving search-engine bot traffic so that the other clients (and hence regular users) aren't affected when they decide to spider *all* of our vhosts at once. Which they do, on a regular basis. Currently we see the majority of our traffic handled by the first of the other four ZEO clients, but at peak load times the others two see a trickle of hits. I expect we could double the current load, and we are anticipating an increase in load this year of at least that. It's a good thing that dual-Opteron machines are cheap. Richard ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope-dev] Puzzling change to guarded_getitem in Zope 2.8
I'm migrating our 2.7-developed Product to 2.8. The following change has me
puzzled. In 2.7, AccessControl.ZopeGuards guarded_getitem has the following
code:
def guarded_getitem(object, index):
[ snip handling of slices ]
...
v = object[index]
if Containers(type(object)) and Containers(type(v)):
# Simple type. Short circuit.
return v
if getSecurityManager().validate(object, object, index, v):
return v
raise Unauthorized, 'unauthorized access to element %s' % `i`
note the use of index in the validate call. In 2.8, this appears as:
def guarded_getitem(object, index):
[ snip handling of slices ]
...
v = object[index]
if Containers(type(object)) and Containers(type(v)):
# Simple type. Short circuit.
return v
if getSecurityManager().validate(object, object, None, v):
return v
raise Unauthorized, 'unauthorized access to element %s' % `i`
where index has become None. This would appear to imply that we can't
perform access controls on a per-item basis in sequences or mappings, unless
we do so in the actual __getitem__ method, which implies there's no such
thing as trusted code. We have an access policy implementation of:
def _checkAccess(self, name, value):
if name.startswith('CG'):
return 1
if self.isValidAggregateName(name):
return 1
return 0
security.setDefaultAccess(_checkAccess)
which obviously doesn't work any more, since name is never a item name, it's
always None.
Richard
pgpj6UDo2aBsA.pgp
Description: PGP signature
___
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Puzzling change to guarded_getitem in Zope 2.8
On Fri, 26 Aug 2005 10:00 am, Richard Jones wrote: I'm migrating our 2.7-developed Product to 2.8. The following change has me puzzled. In 2.7, AccessControl.ZopeGuards guarded_getitem has the following code: OK, Tres made the change, with the relevant bit of the log message being: Iteration over sequences could in some cases fail to check access to an object obtained from the sequence. Subsequent checks (such as for attributes access) of such an object would still be performed, but it should not have been possible to obtain the object in the first place. List and dictionary instance methods such as the get method of dictionary objects were not security aware and could return an object without checking access to that object. Subsequent checks (such as for attributes access) of such an object would still be performed, but it should not have been possible to obtain the object in the first place. So I presume that the change *intended* to move the onus of validation from the guarded_getitem method to the __getitem__ method of the container? No more trusted access to custom (ie. not builtin) sequence/mapping objects? Richard pgp0vUWOLplhT.pgp Description: PGP signature ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope] Migration pains going to Zope 2.8
I can't instantiate out Product, which is a bit of a hurdle :)
Our Product's registration looks like this (this function is invoked from the
Product's __init__.py):
def initialize(context):
''' Register the CGPublisher class '''
context.registerClass(
CGPublisher,
permission=Perm.ADD_CGPUBLISHERS,
constructors = (addCGPublisherForm, addCGPublisher, addValues,
getMode),
icon='www/CGPublisher.gif',
visibility='Global',
)
Unfortunately, the addCGPublisherForm template can't access the addValues
function. The specific error I get is:
Error Type: Unauthorized
Error Value: The container has no security assertions. Access to 'addValues'
of (App.ProductContext.__FactoryDispatcher__ object at 0xb61d30cc) denied.
I tried adding some module security declarations:
security = ModuleSecurityInfo('Products')
security.declarePublic('CGPublisher')
security = ModuleSecurityInfo('Products.CGPublisher')
security.declarePublic('addValues')
security.declarePublic('getMode')
to the initialize() function, but that didn't change anything. Any
suggestions?
pgpHifT3MDPM9.pgp
Description: PGP signature
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Migration pains going to Zope 2.8
On Thu, 25 Aug 2005 04:36 am, Dieter Maurer wrote:
Does your addValue have a __name__ attribute with value addValue?
In py2.3 (at least) functions get a __name__ automatically:
Python 2.3.5 (#2, Mar 29 2005, 15:41:06)
[GCC 3.3.5 (Debian 1:3.3.5-8ubuntu2)] on linux2
Type help, copyright, credits or license for more information.
def foo():
... pass
...
foo.__name__
'foo'
If so, you may want to analyse the FactoryDispatcher mentioned
above.
You get it (in an interactive interpreter) via
app.manage_addProduct[your Product]
In its class, you should find your contructors as
well as permission attributes of the form constructor_name__roles__.
Apparently, addValues__roles__ is missing (for whatever reason).
The ProductContext is creating the attributes correctly on the Product's
custom FactoryDispatcher class. The correct class is being used, and the
*__roles__ attributes are all present and accounted for when the validate()
is invoked. The problem appears to be that we don't even get up to checking
those attributes. The addValues function has no __roles__ attribute, so we
wander into __roles__ attribute checking on the container and fall about
laughing. So I added __roles__ to addValues:
addValues.__roles__ = ('Manager', )
and now everything works. I even removed the ModuleSecurityInfo declarations,
since they appeared to have no effect at all. There's probably some API for
setting that __roles__ attribute, but I'm stuffed if I can find it.
Thanks for the help Dieter,
Richard
pgpn3xLBQmglw.pgp
Description: PGP signature
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Migration pains going to Zope 2.8
On Thu, 25 Aug 2005 12:06 pm, Richard Jones wrote: and now everything works. Further data-point - the version of VerboseSecurity is to blame. It's not 2.8-compatible :( Sorry for the noise. Richard pgpvvxmwsl89Y.pgp Description: PGP signature ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: ECommerce?
On Wed, 10 Aug 2005 01:04 pm, Jeff Kowalczyk wrote: Shane Graber wrote: I'm looking for an e-commerce solution for Zope / Plone. My specific requirements are that we want to make available files for download that customers would have to pay for before they could download them. Does anyone have any suggestions on what Zope and/or Plone products to look for? http://www.plonemall.com/ should be a good fit. See the Plonemall mailing list for status, etc. http://www.zope.org/Products/commerce pgpmpjhA8zxs0.pgp Description: PGP signature ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] Pluggable Auth Service ... how is it used?
I'd like to get session-based login going, and on the surface PAS appears to support that. First up, is there any documentation? I've set up in my PAS acl_users the following objects: 1. cookies - a Cookie Auth Helper active for Challenge 2. session - a Session Auth Helper active for Extraction, Update Credentials and Reset Credentials 3. users - a ZODB User Manager with a single user test 4. roles - a ZODB Role Manager with the test user assigned to Manager Then accessing a Manager protected method inside the folder brings up the login form from the Cookie Auth Helper, but submitting that form does nothing (it returns the empty form to me). Switching the cookies object to handle Extraction, Update Credentials and Reset Credentials makes the login work, but I'd like to use the session. The docs that come with the product talk about Decorators and Property Sheets used to extend the user properties, but I can't even find anything with either of those names in the UI. The interface has Scriptable Plugin with a teasingly disabled Validation interface -- which I have found to mean user validation. I'd like to enforce valid email address capture ... when I can figure how to actually capture an email address, that is. Richard pgpLHwu0A4IJ4.pgp Description: PGP signature ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ZPsycopgDA dropping connections?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 20 Apr 2005 03:23 pm, Richard Jones wrote: Has anyone else seen ZPsycopgDA just lose its connection? I just looked in Shared/DC/ZRDB/Connection.py If the connection string is empty (which is quite valid for my setup, as it turns out) then the DA won't connect automatically. It won't even try. Could this be considered a bug, or am I missing something obvious? Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCZe/vrGisBEHG6TARAlfdAJ0ajEyBaGgTMMH+0bjL3NXv0g/UaQCeMDvD oJ1HMFf0yhXhE8OwQSzwFYI= =cmtl -END PGP SIGNATURE- ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope-Coders] Wrong username and password == Anonymous User?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 20 Apr 2005 12:09 pm, Sidnei da Silva wrote: - If you want to access a anonymous page, you will *not* be sending auth credentials. Why do you say that? Cooke auth doesn't distinguish between anonymous pages and pages that require a user, so the cookie will be sent for every request. IIRC, this is also how Basic Auth works, once your browser knows you've got valid credentials for a site. Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCZcCyrGisBEHG6TARAvRoAJ4sWIc5jy9gmMmOR5dgfg8EVj4msACeIM80 fpLGmzjaZ7aJ8wG7uD0pH8g= =aSFF -END PGP SIGNATURE- ___ Zope-Coders mailing list Zope-Coders@zope.org http://mail.zope.org/mailman/listinfo/zope-coders
[Zope] ZPsycopgDA dropping connections?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Has anyone else seen ZPsycopgDA just lose its connection? I've got two ZEO clients set up to use it, and every now and then one of them (the primary) just up and loses its connection. There doesn't appear to be any message in the log file *except* for the message saying that the connection's not active: 2005-04-20T14:35:46 INFO(0) ZEC:/var/cache/cgzope/zope-8000/cmain-main-1.zec flipping cache files. new current = 1 - -- 2005-04-20T14:53:25 INFO(0) ZEC:/var/cache/cgzope/zope-8000/cmain-main-0.zec flipping cache files. new current = 0 - -- 2005-04-20T14:58:11 ERROR(200) SiteError http://laurastein.cgpublisher.com/CGPublisher Traceback (most recent call last): File /home/cgzope/prod/Zope/lib/python/ZPublisher/Publish.py, line 92, in publish File /home/cgzope/prod/Zope/lib/python/ZPublisher/BaseRequest.py, line 259, in traverse File /home/cgzope/prod/Zope/lib/python/ZPublisher/BeforeTraverse.py, line 104, in __call__ File /home/cgzope/prod/Zope/lib/python/ZPublisher/BeforeTraverse.py, line 144, in __call__ File /home/cgzope/prod/Products/CookieCrumbler/CookieCrumbler.py, line 217, in __call__ attempt = self.modifyRequest(req, resp) File /home/cgzope/prod/Products/CGPublisher/SessionCookieCrumbler.py, line 55, in modifyRequest creds = req.SESSION.get(key,None) File /home/cgzope/prod/Zope/lib/python/ZPublisher/HTTPRequest.py, line 1218, in __getattr__ File /home/cgzope/prod/Zope/lib/python/ZPublisher/HTTPRequest.py, line 1178, in get File /home/cgzope/prod/Products/ZSQLSessionDataManager/ZSQLSessionDataManager .py, line 100, in getSessionData return self._getSessionDataObject(key) File /home/cgzope/prod/Products/ZSQLSessionDataManager/ZSQLSessionDataManager .py, line 233, in _getSessionDataObject c = self._getSessionDataConnection() File /home/cgzope/prod/Products/ZSQLSessionDataManager/ZSQLSessionDataManager .py, line 250, in _getSessionDataConnection return self.restrictedTraverse(self.obpath)() File /home/cgzope/prod/Zope/lib/python/Shared/DC/ZRDB/Connection.py, line 173, in __call__ BadRequest: The database connection is not connected - -- (apologies for the wrapping, of course) Any ideas? Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCZedirGisBEHG6TARAo6WAJ98cBlOZqoZ62Amg0zreDkTPFiyAQCeJGla gmhpp4lXn2wjFb6PnPkF3cI= =8g/U -END PGP SIGNATURE- ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: ZEO and Sessions.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 15 Apr 2005 05:54 pm, Michael Haubenwallner wrote: Bakhtiar A Hamid wrote: Richard Jones wrote: http://www.zope.org/Members/richard/ZSQLSessionDataManager ark! insufficient priveleges Works now ! Well, it does *sometimes*. Whenever I make a new release though, the zope.org permissions seem to be screwey and end up giving people an error when they try to view the page! So I made two releases in quick succession today, and whoever manages zope.org did get those releases through publication quickly (though again, the page came up as an error in the mean time). Unfortunately, an erroneous release I made - which I did not mark for publication that I'm aware of, and had a meaningless ID - was also published. I've now marked it as retracted (there doesn't appear to be any way to *delete* a release), meaning the ZSQLSessionDataManager is again inaccessible by regular users. Sigh. Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCX4aorGisBEHG6TARAhSJAJ4qsrn7hHcc4MP3qftObcQlfF/7LACcCZQe NIrUvoBbIvplD/s0jZuelLc= =0gfa -END PGP SIGNATURE- ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Re: ZEO and Sessions.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed, 13 Apr 2005 10:21 am, Tres Seaver wrote:
Richard Jones wrote:
Yeah, I remember poking around that code way back, and it seemed
reasonable. Its interactions with transactions are the bits that scare
me. Using a standard RDBMS connection would probably solve that though.
I revisited the SQLSession product a year ago for a consuling customer,
making their hacked version a drop-in replacement for the transient
storage. I can't release their code, but I maybe learned enough then to
redo the task as a PluggableSessions product, using the
PluginRegistry product to manage the different requried bits.
Well, I have a ZSQLSessionDataManager implementation based on the standard
SessionDataManager with some changes. It appears to work fine when I test our
application (which makes heavy use of sessions).
So far the SQL code is geared towards Postgres (and gadfly, I think). It'd
need some tweaking to work on MySQL ('cos MySQL is *special*) and I'm not
interested in doing that work ('cos MySQL is *special*).
http://www.zope.org/Members/richard/ZSQLSessionDataManager
Richard
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCXhkFrGisBEHG6TARAjmiAKCCEa9AH/1l5LGx4py/CHhXb1X7hACfZiYE
iFsD9cpdZgb8+7NwlVwethY=
=nVP7
-END PGP SIGNATURE-
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ZEO and Sessions.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 13 Apr 2005 05:47 am, Fernando Lujan wrote: Isn't there a easy way to do this? I was wondering if I couldn just createa new filestorage entry in the zeo.conf, and add some lines in my zope.conf file. Is there a viable non-versioned alternative to the filestorage approach? My sessions database grows ridiculously quickly. I'm also fairly sure it's causing problems when my site gets ~5 requests a second (yes, that low) Maybe one of these days I'll have time to look into SQLSession, but I'm not sure how well it will be able to replace the core session handling (and it does need to seamlessly replace it). I wonder how hard it'd be to write a new Session Data Manager using an RDBMS as the backend, or even just a filesystem approach that didn't use versioning. *shrug*. Mmm. Transactions. Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCXFUJrGisBEHG6TARAphlAJ4hp/D6u0l/7G1MEhuEsLgykYASfACeNDm0 2CngEMS5lvja4vf2lSuCP5U= =+7Se -END PGP SIGNATURE- ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ZEO and Sessions.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 13 Apr 2005 09:44 am, you wrote: On Tue, 2005-04-12 at 19:08, Richard Jones wrote: Is there a viable non-versioned alternative to the filestorage approach? My sessions database grows ridiculously quickly. I'm also fairly sure it's causing problems when my site gets ~5 requests a second (yes, that low) You could use temporarystorage on the ZEO server if you don't really need your session data to be persistent across ZEO server restarts. This is what Fernando appeared to do in the end. Having sessions persist across ZEO restarts is a handy thing. Also, I never figured how to configure a temp storage in a ZEO server. I started looking once, but either ran into a dead end or got distracted (or both ;) There are no well-maintained nonundoing storages that I know of other than temporarystorage. Once upon a time, BerkeleyStorage minimal used to work, but its gone the way of the dinosaurs apparently. And I distrust anything related to Berkely DB :) I think any sessioning setup that uses a ZEO-backed storage will be more conflict-prone than one that doesn't use ZEO, just because the transaction commit time is typically longer. I'm not sure if this is the problem you mention. Could be. Probably not hard. You could write a session data manager implementation that used a relational database. The interface for those things is in Products/Sessions/SessionInterfaces.py Yeah, I remember poking around that code way back, and it seemed reasonable. Its interactions with transactions are the bits that scare me. Using a standard RDBMS connection would probably solve that though. Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCXGFkrGisBEHG6TARAkp7AJ9xavG5iY4wQjGLkdjGmvqxn/mDoACfRXsh 5vLa0EwojCSZlBAi7e1Vuqo= =WTon -END PGP SIGNATURE- ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope-dev] I want Zope 2.9 to use Zope 3's security architecture.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 7 Apr 2005 02:49 am, Jim Fulton wrote: Paul Winkler wrote: i.e. will I still write: security.declareProtected(SomePermission, 'foo') def foo(self): ... That will work, and I don't see a need to deprecate it. Eventually, though, I expect products to migrate to ZCML-based security declarations. Is this a general trend for Zope 2? I'd rather see Zope 2 kinda avoid ZCML if possible. It's just one of those personal preference things, I suppose, but I know I'm not the only one who isn't that enamored of the ZCML approach. I actually like having the declarations all in the python code like it is in Zope 2. I'd like to see the declarative style that Zope 2 move to using decorators. I was sitting in a presentation at PyCon talking about MetaClasses, and I finally *got* them. I realised that the security declarations in Zope 2 are a perfect fit for metaclasses and decorators. If only I had the time to actually implement this dream ;) Note that this all comes from the perspective of someone whose only exposure to Zope 3 has been through two sprints. I've not actually tried to develop any sort of application using it. My day job is very firmly fixed in Zope 2, and isn't likely to change for a long time. So I'm definitely speaking from ignorance of real-world application development in Zope 3. Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCVIIirGisBEHG6TARAowSAKCGSgaIkZeLJfg1NFlnzKdhOZDa3QCePu30 f5MPM1sUwbBEVykehbyNH7o= =v736 -END PGP SIGNATURE- ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] More on [Removal of aq_acquire from guarded_getattr]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 25 Jan 2005 10:30 am, Stefan H. Holek wrote:
- declaring object security on the acquiree via
declareObjectProtected(foo)
For me, the problem arises when the acquiree is a Python builtin object - a
string instance attribute in my case. Hence I can't make any useful statement
like the above. I have a statement::
security.setDefaultAccess({'secure_url': 1})
on the class, but with the change discussed here, that assertion is never
looked up. I attempted to::
security.declarePublic('secure_url')
but of course that didn't change anything, as I mentioned the class assertions
weren't being looked at.
After poking around some more, I realised that validate()
(VerboseSecurityPolicy's) was being invoked with::
aq_chain(container) = [
CG Conference Registrations registrations at 0x4176ba00,
CG WebSpace web at 0x41483ce0,
CG Conference 1 at 0x4176b970,
CG Conferences conferences at 0x41483c30,
CGPublisher CGPublisher at 0x4176b980,
Application instance at 4179e050,
RequestContainer instance at 4176b9f0]
context = AccessControl.SecurityManagement.SecurityContext instance at
0x413cabec
aq_chain(value) = ['http://secure.cgpublisher.localhost']
That is, there's no acquisition context on the simple string. To fix the
problem, I changed secure_url to be a ComputedAttribute which looked up the
instance attribute _secure_url. This then gave the value a valid acquisition
chain and everything works now.
I'm really sorry I can't be more helpful and produce a useful test case, but
I've a bazillion deadlines falling on the floor. Maybe in a few months. For
now I just needed a work-around that will let me run in an un-patched Zope.
Richard
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFCBwoerGisBEHG6TARAqRIAJwOOCtEccg2RqsjqjzlTLkEVfvn2gCeMYRw
qwFvrTuk5xxhYi0pAU+UcUo=
=SOlC
-END PGP SIGNATURE-
___
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] More on [Removal of aq_acquire from guarded_getattr]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Mon, 7 Feb 2005 05:26 pm, Richard Jones wrote: That is, there's no acquisition context on the simple string. To fix the problem, I changed secure_url to be a ComputedAttribute which looked up the instance attribute _secure_url. This then gave the value a valid acquisition chain and everything works now. Please ignore this message. Everything does *not* work. I am at a loss as to why it worked *briefly*. Must've just been some other artifact introduced during the hours of messing with the code. Back to the code-mine. Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFCBwrgrGisBEHG6TARAn57AJ9wnws/1GxZ7iMWUlqeWI8/8YNi9QCghqu9 pWtsieWTzWArDN1jZuam1L8= =BwJH -END PGP SIGNATURE- ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] SOAP Support for ZOPE
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 15 Dec 2004 06:54 am, Aruna Kathiria wrote: I did some work regarding SOAP support on ZOPE and published this document on zope.org. Is there really no interest in getting SOAP support into the Zope core? I've got a guy working on some Microsoft Word stuff at the moment, and he was dumbfounded when he discovered that Zope doesn't support SOAP. In his words, everyone supports SOAP. Sigh :) Are there any objections to getting Aruna's patches into the 2.8 codebase? I'd be willing to do the work - but note I know practically nothing about SOAP - I just want to be able to use it. Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBv2oRrGisBEHG6TARAgCuAJ0fVQoVsme1ShzPYT3rpw6mE6etXgCfb6Uf sp8baNmBJP1rV7yF/CfikMQ= =olB3 -END PGP SIGNATURE- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: Was: Re: 2.7.3 beta attribute permission problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sat, 23 Oct 2004 10:29 pm, Stefan H. Holek wrote: On 22.10.2004, at 14:38, Tres Seaver wrote: Given that the change was required to implement a security fix, and without a reproducible test case for the reported breakage, I don't think we can credit the rumors. We *definitely* don't want to defer the security fix. I still don't know what the security fix actually fixes, but that may well be my ignorance ;-). Your checkin message just mentions the removal of DWIMy code... Actually, this is a point I wanted to make a long time ago. I believe there would have been less confusion all around (and some still lingers) if there had have been more information in the checkin message than DWIMy code. DWIM only really has meaning to certain sets of I. Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD4DBQFBfCFgrGisBEHG6TARAkyNAJ43FD5zX6JLNfCsrEJ48jn3eKfyTwCY+HVT FzEaLBC9VAJHUDrC+Se/yw== =Oehq -END PGP SIGNATURE- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: Was: Re: 2.7.3 beta attribute permission problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, 24 Oct 2004 08:03 am, Tres Seaver wrote: Richard Jones reported an issue with the patch, but couldn't give us a simple case. Users who *have* such weird applications can reverse the patch, find workarounds, or whatever, until they can help us isolate the bug. I find this to be totally acceptable, BTW. Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBew74rGisBEHG6TARApyMAJ0W0dWgYvxcFUV6A9ovkFZb1y3ckACaAmL+ at+laIWFFCbxI+DycJdYQkw= =jdDA -END PGP SIGNATURE- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] 2.7.3 beta attribute permission problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 19/10/2004, at 4:33 PM, Santi Camps wrote: Yes, meta_type is an attribute of type string, but I don't understand your reasons. Acquisition, obviously, is not implemented in strings, but if the object containing meta_type attribute inherits from Acquisition.Implicit it should work. In fact, it works for Zope 2.7.0 to 2.7.2. The problem appears in Zope 2.7.3, and I think that the problem is the change I mentioned in AccessControl/cAccessControl.c and AccessControl/ImplPython.py. I suppose this change is for some reasonable reason, but if it breaks security validations throught implicit acqusition I think the change should be considered. AFAIK Tres is working on this. I was unable to produce a simple example case, but more recently Stefan Holek (I think) was. The last I saw was Tres saying Aargh! on the 13th, then on the 14th saying he's unable to produce good test cases. And that's the problem. Tres' patch removed DWIM code. I'm not sure what that meant (I know what DWIM stands for ;) ... and I'm unable to state exactly (in a test case) what it is that my code does that invokes the DWIM'y code. Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (Darwin) iD8DBQFBdLffrGisBEHG6TARAlEZAJ46betsryQklXpFxPFK1EuxozGZxwCghtGG +XdZTjWsgdahMh6qqGrwPL4= =v/LZ -END PGP SIGNATURE- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] session error
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 20 Oct 2004 04:23 am, Gerry Kirk wrote: A user got this error trying to edit content. It only happened once, and on second try she was ok. Using Zope 2.7.0: 2.7.3 (currently beta, but live on our production server) fixes errors of this sort. Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBdcksrGisBEHG6TARAvDvAJ4oHmYvLcZG+ltfW7+CIyemzVHimACfc3lP 0g5TiJFRGSB5LFEn2qK27hM= =KedN -END PGP SIGNATURE- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] 2.7 branch: attribute permission problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 22 Sep 2004 12:40 am, Chris McDonough wrote: Would you be able to write a short test case that demonstrates the failure mode that you're seeing in your existing code? It would be nice to understand the failure before blindly reenabling the old behavior because it really is DWIM. Yes, and I have to try to produce a test case that shows up the ComputedAttribute issues I've been having too. I'm flat out at work (now that I'm no longer spending most of my time fixing ZODB corruptions and their fallout, I have a huge backlog of work to catch up on ;) Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBUVJorGisBEHG6TARAkPXAJ9ZPiTqzqwWT9ziPsobk0PzMm1eRACbB6ah gHxjiD/alPSmQiTzENXJCeA= =Ly80 -END PGP SIGNATURE- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] 2.7 branch: attribute permission problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 22 Sep 2004 11:14 pm, Chris McDonough wrote: Alright, well, in the meantime, I think we're going to release the beta with the aq_acquire DWIM removed and if it causes other folks problems we'll be able to tell from folks using the beta Yep, fair enough. Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBUffArGisBEHG6TARAni2AJ91sSfjNfzMQcEoG4U6zeiAc7GJ9wCeMzY4 10Ol8uSnIojUvCWbl4c9Mqg= =cWQn -END PGP SIGNATURE- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] 2.7 branch: attribute permission problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 15/09/2004, at 1:00 PM, Chris McDonough wrote: I'd just stick the code back in there for now and we'll see what Tres says. No word from Tres, 2.7 branch release coming up... Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (Darwin) iD8DBQFBT34orGisBEHG6TARAsnUAJ9AFw/zOZ5gpXJIKNR837OcGiv62ACfRzXU +4k+jkEV0WFzU7RuiMXnScE= =mH5+ -END PGP SIGNATURE- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] 2.7 branch: attribute permission problems
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[might dupe - sent the first copy of this from the wrong address, sorry!]
I've just upgraded to use the bleeding-edge 2-7 branch (from 2.7.2, running in
py 2.3.3) and I've started getting permission problems with attributes. The
cause appears to be acquired attributes. With VerboseSecurity installed
(note: behaviour not dependent on VS - I checked), I get told:
Error Type: Unauthorized
Error Value: The container has no security assertions. Access to 'secure_url'
of (CG Conference Proposals proposals at 0x41387b40) denied.
The secure_url attribute is defined at a much higher object, where we have a
declaration including:
security.setDefaultAccess({'secure_url': 1})
On the proposals object though, we don't have any delaration for the
secure_url attribute. If I add one, or a general
security.setDefaultAccess(allow), then the error goes away. This doesn't
seem correct to me.
The relevant change in CVS appears to be:
*** ../../../../Zope-2.7.2/lib/python/AccessControl/ImplPython.py 2004-02-10
17:46:02.0 +1100
- --- AccessControl/ImplPython.py 2004-09-15 09:59:41.617423171 +1000
***
*** 551,560
return v
validate = SecurityManagement.getSecurityManager().validate
- - # Filter out the objects we can't access.
- - if hasattr(inst, 'aq_acquire'):
- - return inst.aq_acquire(name, aq_validate, validate)
- - # Or just try to get the attribute directly.
if validate(inst, inst, name, v):
return v
raise Unauthorized, name
- --- 551,556
The change note being - Removed DWIM'y attempt to filter
acquired-but-not-aceessible results from 'guarded_getattr'. and I'm not sure
what that means :)
Richard
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBR5hnrGisBEHG6TARAuucAJ42D8pU6kuPQ+mBwadqJq8uQbG12gCggN2u
AzBBhs5eCekTdl6bYtyBrCk=
=aUXn
-END PGP SIGNATURE-
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] 2.7 branch: attribute permission problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 15 Sep 2004 12:15 pm, Chris McDonough wrote: On Tue, 2004-09-14 at 21:18, Richard Jones wrote: On the proposals object though, we don't have any delaration for the secure_url attribute. If I add one, or a general security.setDefaultAccess(allow), then the error goes away. This doesn't seem correct to me. It sure doesn't sound right. Just to be pedantic: You have an object A that has no security assertion for secure_url. You have an object B that does. When you access the aq context a.__of__(b) and ask it for secure_url in restricted code, it refuses access. Is that a reasonable characterization or am I reading it wrong? Yep, that's the situation. It appears to look for the security assertions for secure_url on A instead of B. Note that secure_url is an attribute of B. Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBR6aJrGisBEHG6TARAgw+AJsFrHNQ7cSs+d4baUjcp6WMznJ83wCfXtVi anfvnB2Gi2xUwQWLVTfoAUk= =BHr1 -END PGP SIGNATURE- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] 2.7 branch: attribute permission problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 15 Sep 2004 12:36 pm, Chris McDonough wrote: Yep, that's the situation. It appears to look for the security assertions for secure_url on A instead of B. Note that secure_url is an attribute of B. Yup. IOW, it looks like it used to find the first secure_url it could access and return that, even if there were other acquirable secure_url attrs before that one in the acquisition path. I'm sure the fact that it ignores any intermediate (but inaccessible) secure_url attrs is what Tres meant by DWIM. I *think* you're implying that there might be more than one secure_url attribute in the acquisition path? If so, that's not the case. There is only one, and it's on B. Or perhaps what you're saying is that in the pre-patch days, if there *was* an attribute on A, then validate() would do the Wrong Thing, or something otherwise bad would happen. I'm a little confused about why I'm the only person seeing this, BTW... But I'm not sure that he intended for the patch to have this effect. I'm not even sure why it does have this effect; the validate function is just too byzantine to understand without taking it through the debugger. You can say that again. My head hurts every time I need to look into validate() and friends ;) Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBR63CrGisBEHG6TARAs2WAJwK2fKlW5KQvPj/LGDT2sGY93q46gCdFRN0 ZsQlTMxX/PHuRN4XZ9Uxq9I= =2gJy -END PGP SIGNATURE- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] 2.7 branch: attribute permission problems
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 15 Sep 2004 01:00 pm, Chris McDonough wrote: I'd just stick the code back in there for now and we'll see what Tres says. This is what I've done to speed up my testing, rather than fixing all the places stuff is broken. I'll be testing for the rest of today, and if all goes well I'll get the 2.7 branch installed tomorrow. Thanks for all your help and support, Chris! Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBR7vhrGisBEHG6TARAi59AKCAXYGiOWm5vVek8YJrWeKls0UhdACfXGFq D3QaJdBpgpNAx7WYLpleiOA= =I274 -END PGP SIGNATURE- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [Zope Enhancement Proposal] Sanitizing local roles
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 23 Jul 2004 03:30 am, Dieter Maurer wrote: Moreover, I propose to change the local role management pages. When setting local roles, information about acquired local role definitions is very helpful. I therefore propose to display this information on the local role edit page. I have implemented a security information page that details this and more info. I've always found the default security edit pages to be less than useful since they inherently use acquisition, but don't tell you what would be or is currently acquired. The code is attached. We mix it in with every object. A sample output is also attached. I have found it invaluable when debugging permissions problems. Would this be a useful thing to add to 2.8? Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBAKsMrGisBEHG6TARAiwuAJ9n7wLGWzhDa7kGyr/5q8zwi3SV0QCfXX1f JAcHE9s71y9N/4oyNgRiRg4= =ATJ2 -END PGP SIGNATURE- ManageViewAccess.py Description: application/python dtml-var manage_page_header dtml-var manage_tabs h2Access permissions dump/h2 dl dtstrongValid Roles:/strong dddtml-var ', '.join(valid_roles()) dtstrongUser Defined Roles:/strong dddtml-var ', '.join(userdefined_roles()) dtstrongLocal Roles:/strong dd table class=listing tbody trthAt Object/ththLocal Roles Defined/th/tr dtml-in list_local_roles trtd dtml-var sequence-key /tdtd dtml-var 'br'.join(['%s: %s'%(i[0], ', '.join(i[1])) for i in _['sequence-item']]) /td/tr /dtml-in /tbody /table dtstrongPermission Usage:/strong dd table class=listing tbody trthPermission/ththAssigned To/th/tr dtml-in list_permission_use mapping trtd dtml-sequence-key; /tdtd dtml-perm; from dtml-from; /td/tr /dtml-in /tbody /table dtstrongPermission Settings:/strong dd table class=listing tbody trthPermission/ththHas Roles Assigned/th/tr dtml-in list_permission_roles trtd dtml-var sequence-key /tdtd dtml-var 'br'.join([', '.join(d['roles']) + ' from %(from)s'%d for d in _['sequence-item']])br /td/tr /dtml-in /tbody /table /dl dtml-var manage_page_footer Title: CGPublisher ZopeCGPublisherpublishers1 (Jane's Books)products2 (Jane's test book 2)details Jane's Books Works About Security Messages People Products Orders Work Templates Web Space Product Information Availability Subject Book Information Cover Images Access permissions dump Valid Roles: Actioner, Anonymous, Authenticated, Contributor, Creator, Manager, Owner, Publisher, System RPC, Visitor User Defined Roles: Local Roles: At ObjectLocal Roles Defined details 2 products admin: Owner 1 2: Publisher publishers admin: Owner CGPublisher admin: Owner Permission Usage: PermissionAssigned To DELETE Delete objects from webdav.Resource.Resource HEAD View from webdav.Resource.Resource LOCK WebDAV Lock items from webdav.Resource.Resource PROPFIND WebDAV access from webdav.Resource.Resource PROPPATCH Manage properties from webdav.Resource.Resource UNLOCK WebDAV Unlock items from webdav.Resource.Resource ac_inherited_permissions Change permissions from AccessControl.Role.RoleManager acquiredRolesAreUsedBy Change permissions from AccessControl.Role.RoleManager addStorageData Manage properties from Products.CGPublisher.storage.Storage.Storage addStorageDataForm Manage properties from Products.CGPublisher.storage.Storage.Storage asCGXML View public storage metadata from Products.CGPublisher.storage.Storage.Storage countRepetitions Access contents information from Products.CGPublisher.storage.Storage.Storage dummy_public View public storage metadata from Products.CGPublisher.storage.Storage.Storage dummy_shared View shared storage metadata from Products.CGPublisher.storage.Storage.Storage dump View private storage metadata from Products.CGPublisher.storage.Storage.Storage editPane View from Products.CGPublisher.storage.Storage.Storage editPaneHelper View from Products.CGPublisher.storage.Storage.Storage genericSchemaForm View from Products.CGPublisher.storage.Storage.Storage getAttribute Access contents information from OFS.ZDOM.Element getAttributeNode Access contents information from OFS.ZDOM.Element getAttributes Access contents information from OFS.ZDOM.Node getChildNodes Access contents information from OFS.ZDOM.Node getElementsByTagName Access contents information from OFS.ZDOM.Element getFirstChild Access contents information from OFS.ZDOM.Node getLastChild Access contents information from OFS.ZDOM.Node getNextSibling Access contents information from OFS.ZDOM.Node
[Zope-dev] Re: [Zope] zope (with cmf) instance being frequently restarted by signal SIGSEGV(11)
I tried running the instance on a single thread as suggested by a how-to I found at http://zope.org/Members/matt/StabilityHOWTO This has fixed this problem and also another long running problem with a huge memory leak. The howto suggests this indicates a problem with a C -extension. Is there any quick way to track this down or am I stuck with removing products out of the equation until I find the culprit? Is it definite that it will be a problem with a Product or could it be elsewhere in zope/python? Answering a couple of other questions... What OS are you running on? Debian stable ...why aren't you running on Python 2.3? Currently running zope 2.6.2 but in the middle of upgrading dev server to zope 2.7 and python 2.3 to see if this helps. Thanks for your help with this. Richard. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] zope (with cmf) instance being frequently restarted by signal SIGSEGV(11)
Hi, I have a cmf site that has begun restarting frequently and at random intervals for no apparent reason. This first occurred about 2 weeks ago for about 2-3 days with the instance being restarted every 15 mins at worst. This problem disappeared as quickly as it had appeared. 2-3 days ago this same problem reappeared but with the site sometimes being restarted 10 times in a 15 minute period. I can find no sequence of url calls or any common reason for this to be occurring. The only thing I could find was the following entry appearing in the event log matching the times I have witnessed the instance restarting via top. ERROR(200) zdaemon Process 25606 terminated by signal SIGSEGV(11) The only changes that have occurred around the time of this first problem turning up was (other than normal site operation with members/items being add/deleted): -the cpu and memory being upgraded. This was returned to the original memory and cpu state to make sure this wasn't the cause. These have been swapped in/out with no change so it looks like it is just coincidence. There is no obvious signs of anything malicious going on, but this is always a possibility I guess? What to check for? As this has basically brought the site to its knees with proxy errors displayed more often than not, has anyone got suggestions on what to look for. possibilities (however remote) as I am pretty desperate to get this fixed. If there is a simple explanation, what could cause it to start out of the blue? The only possible answer I have come up with while searching is about the thread stack size being to small. And having to recompile python with this set to a larger figure. Is this related to the problem I am having, and is there an easy way to check if this is the case for the version I have running? If this is what I need to do, is there a good link for details on what needs to be done and how to do it? CMF: 1.4.2 Zope: (unreleased version, python 2.1.3, linux2) Python: 2.1.3 (#1, Sep 7 2002, 15:29:56) [GCC 2.95.4 20011002 (Debian prerelease)] Thank you for all your help on this as I am lost at what steps to take next. Thanks, Richard. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] How should an ideal Zope IDE look like?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Saturday 24 Apr 2004 09:13, Andre Meyer wrote: - Commenting/uncommenting code (any hope Python will ever offer multi-line comments?). ''' this_code_is_commented_out() so_is_this() ''' Well, there is certainly more, but this is a start... ;-) That's quite a list. One could start from Eclipse/PyDev (http://pydev.sourceforge.net/) and add features. Or start with IDLE which already has a lot of Python support (duh :) Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAic9HrGisBEHG6TARAtP8AJ41V8zaDAJx8L/RpJ84ziJM8UWg/ACcD16z nboFegABcSSSE8nbt0Lj9bc= =6e86 -END PGP SIGNATURE- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: ZPT for CSS, anyone?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Friday 02 Apr 2004 18:44, Chris Withers wrote: Ah, okay, I think building something purely for CSS would REALLY suck. Something which could generically build SQL, CSS, Emails I would be less lielyl to vomit about... [snip] So persuade the Python guys to make string interpolation as powerful as you need it to be ;-) Why don't we have a good, long look at: http://www.python.org/cgi-bin/moinmoin/WebProgramming under the Templating Systems heading and make sure that someone else hasn't already come up with a good system that templates SQL, CSS, email, etc nicely. There's an awful lot of templating systems there... Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAbTr0rGisBEHG6TARApGiAJ4z7ZTRh/hsg87UnUP1yaoePpil0ACfTtrH tAkw1jDdFJfaE9sjkI5Ri5I= =0Ked -END PGP SIGNATURE- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: Zope 2.7 and objects turning into None
On Saturday 21 February 2004 06:04, Casey Duncan wrote: This is indeed possible. getObject swallows all errors and returns None when one occurs. This would make it return None on busy systems if the traversal during getObject raised a read ConflictError. This would indeed result in the behaviour I was seeing. I consider this a bug and I will look into what the *real* desired semantics are. I've been bitten myself by this in applications which naively assumed getObject would always return a Zope object. You say naively, I say rightly. I could be wrong though :) For Zope 2.8 it might be reasonable to consider also making the case where accessing objects that have been removed without uncataloging is also an exception. I think this is a good policy. Richard pgp0.pgp Description: signature ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Zope 2.7 and objects turning into None
On Friday 20 February 2004 05:52, Dieter Maurer wrote: We have a report for Zope 2.7 about an object magically turning into None (1 or 2 weeks ago). Sorry, I haven't been following this thread, but I will note that I've seen (repeatably) in my test Zope environment this behaviour. This is probably unrelated though... For me, the situation comes about when I am loading up my fresh (ie. clean ZODB) test Zope with a thousand users. While the load script is running (it runs on the command-line and goes TTW using urllib to register the users) if I access a page which summarises all users, I *sometimes* get None for some of the users. The page uses a Catalog to find basic user info, and sometimes uses getObject() to find the real user object. The getObject() appears to return None sometimes. Once the load is complete, I don't see any errors. So I blame some mechanism failing under load. I also often see ReadConflictErrors, but I understand they're going away soon :) Richard pgp0.pgp Description: signature ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] How to make Zope fail nicely under high load?
On Thursday 12 February 2004 01:23, Casey Duncan wrote: What kinds of requests are these? Do they all require a dynamic output? If not, then you should put better caching in front of Zope, or at a minimum tweak you caching headers so that some could be served as 304s for instance. If they are all dynamic, how dynamic? How different is the page for one session than another? If much of the page is the same then you might benefit from an ESI approach where you cache parts of pages and assemble them in the cache, serving only small pieces from Zope. I'm a bit surprised that you have not (from what I can see), used the most common Zope speedup (and often the cheapest overall): Buy more hardware and use ZEO. I was going to suggest these things too. And a bunch of other stuff. A while ago, I wrote a page about making Zope go faster - it might help. http://zope.org/Members/richard/docs/zope_optimisation.html Richard pgp0.pgp Description: signature ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] RE: Resolved security-related collector issues forthepublic?
Brian Lloyd wrote: ...or will decide that doing so is unreasonable and use something else instead :( Note that I'm not necessarily criticizing that particular policy, just pointing out that _any_ policy will have some upside and some downside. The challenge will be coming to agreement on a policy with the right balance that everyone can live with. How about something along the lines of: - Development team only disclosure for the first x days (2 to 7 days is the maximum here I would think), in order to develop a workaround/patch. - Full disclosure after that, along with a published patch, hotfix or workaround. Other recommendations: - Increase the number of people who have access to the security section of the collector, to increase the chance that it will be discussed. - Form a closed security list for discussing such things amongst selected developers, away from the general public gaze (does such a thing already exist?) At some stage the sysadmin has to take responsibility for the packages they are using. I tend to believe, as almost certainly most of the security community does, that not all crackers are just script-kiddies waiting for an exploit. Lets face facts -- if someone is reporting an exploitable hole, anyone else (white/black/grey hat) could have also found it. I for one would love to know things like: Jamie Heilman wrote: Clemens Robbenhaar wrote: malicious Python Scripts on my site (I guess , and I do not use DTML or some Tree-stuff -- thus I did not upgrade yet, and You may feel free Actually... unless you've altered the ZMI and HelpSys, you do use dtml-tree ...and HelpSys is publically traversable by default. Anyone else spot the irony in the situation that _all_ the available security holes are available to a user who cracks the Zope collector site? --Richard ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] RE: Resolved security-related collector issues forthepublic?
Paul Winkler wrote: On Fri, Jan 23, 2004 at 09:45:43AM +1300, Richard Waid wrote: How about something along the lines of: - Development team only disclosure for the first x days (2 to 7 days is the maximum here I would think), in order to develop a workaround/patch. - Full disclosure after that, along with a published patch, hotfix or workaround. OK, but what if there is no patch, hotfix, or workaround ready after 2-7 days? Some of these bugs have taken much longer. I think we need to be looking at _why_ the bugs have taken much longer. Is it strictly lack of resources? Security fixes, generally, shouldn't come in batches of 10 (or whatever) because, even if they're related, it makes testing the critical-security-patch-that-needs-to-be-applied-right-now extremely difficult for almost everyone. --Richard ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] New-style ExtensionClasses (Zope 2.8) -- MRO issue
Jim Fulton wrote: snip 3. Use a hybrid schema. I'll call this the encapsulated base scheme. snip Is it possible for the hybrid schema to generate a 'deprecation' warning for each instance of a class that doesn't match the requirements of the C3 resolution order when Zope is first started, and thus increase the chances that product authors will modify their products (or be coerced to do so :)), without actually breaking them? --Richard ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Very fast requests beating ZODB commits...
On Tue, 14 Oct 2003 02:25 pm, Richard Jones wrote: 1. request comes in which modifies ZODB 2. code handling request replies with REQUEST.RESPONSE.redirect() 3. redirected page uses data input at step 1 (specifically, it's auth info) but that info hasn't been committed yet, so we get errors Ehem. Operator error (confusion) ... nothing to see, move along. Richard pgp0.pgp Description: signature ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Very fast requests beating ZODB commits...
I'm seeing the following behaviour in Zope2.7b2 (python 2.3.2) on a relatively fast computer (Athlon 1.8GHz): 1. request comes in which modifies ZODB 2. code handling request replies with REQUEST.RESPONSE.redirect() 3. redirected page uses data input at step 1 (specifically, it's auth info) but that info hasn't been committed yet, so we get errors So I've modified the method at step #1 to get_transaction().commit() before doing the redirect(), but I'm usually a little concerned when I have to invoke the transaction machinery directly like this... Any thoughts? Is there some way to hold the redirect off until after the transaction is committed normally? Richard pgp0.pgp Description: signature ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: 2.7.0-b2 - Critical ZPT TAL bug when using content-type text/xml
Evan Simpson wrote: Until cAccessControl.c is fixed, you can work around the problem with a simple patch to Products/PageTemplates/Expressions.py, in restrictedTraverse(): if isinstance(name, TupleType): object = object(*name) continue + + name = str(name) if not name or name[0] == '_': # Skip directly to item access Thanks Evan (definitely a better idea that turning off guarded_getattr anyway :)). Any hunches why it doesn't happen in 2.6.x? (maybe the xml didn't get converted to unicode?) I'd imagine that it's probably quite a pervasive bug -- comparing two strings is obviously quite a common situation ... just turned up by this particular situation. Just a quick grep turns up 50 instances of PyString_Check in the 2.7.0-b2 source, and 4 instances of PyUnicode_Check. cDocumentTemplate.c and UnicodeSplitter.c (no suprises there) seem to do the right thing. Pretty much every other c file needs to be checked. In particular cPersistence.c, cPickleCache.c, Acquisition.c, ComputedAttribute.c, ExtensionClass.c and cAccessControl.c all use PyString_Check, and they'd obviously be bad places for things to go wrong :) Best regards, Richard Waid Network/Software Engineer http://iopen.net ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] 2.7.0-b2 - Critical ZPT TAL bug when using content-type text/xml
Yesterday I discovered a bug in ZPT for which I'm having trouble tracking down the source. This bug does not appear to occur in 2.6, but does appear to occur in both 2.7.0-b2 and 2.7.0-b1. Basically, if you're using a ZPT with a content-type text/xml, using a TAL path expression to access an attribute or method causes a security violation (Unauthorized). It does not happen if the ZPT is using content-type text/html. This is a critical bug for us, it will affect dozens if not hundreds of XML producing ZPT's if we were to upgrade to 2.7 from 2.6. I notice that someone previously reported something like this on the Zope list but I couldn't find a resolution (the message was a couple of months back), and there is a bug in the collector: http://collector.zope.org/Zope/1034/ To which I have added a comment, a test case and a traceback. The bug was talking about METAL macros, but it is almost certainly related. Two things are known to workaround this bug: 1) ZOPE_SECURITY_POLICY=PYTHON would probably work, since I forced an import error in AccessControl/ZopeGuards.py to force the use of the python version of guarded_getattr, and that fixed the problem. Which might suggest the problem is in cAccessControl ... though I dropped in the 2.6 version of that, and it didn't seem to fix the problem (maybe something in cAccessControl is only trigged under this scenerio), 2) Using getattr rather than guarded_getattr in PageTemplates/Expressions.py, line 348. Not the best solution :) The test case, for those too lazy to look in the collector (:)): --- 1. Create a page template 2. Use the text: test xmlns:tal=http://xml.zope.org/namespaces/tal; tal:replace=here/id/ 3. Set to content-type text/html -- it should work when you test it. 4. Set to content-type text/xml -- you will get a security violation when you test it (Unauthorized: You are not allowed to access 'id' in this context). - Any help tracking down this problem would be very greatly appreciated. Many thanks, Richard Waid Network/Software Engineer http://iopen.net ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: TALES idea: tuple unpacking
On Wed, 30 Jul 2003 06:16 am, Evan Simpson wrote: OK, I've checked in a sample implementation on evan-pathprefix-branch. It allows for registering prefixes with: This seems very nice. I'm not likely to actually have a chance to play with it any time soon though, so I can't really comment on how it works in practise... Richard pgp0.pgp Description: signature
Re: [Zope-dev] More on the getId issue...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Saturday, July 5, 2003, at 04:50 AM, Dieter Maurer wrote: Richard Jones wrote at 2003-7-1 12:03 +1000: ... PageTemplateFile (via Script and SimpleItem) inherits Item. This class has an attribute id set to '' by default. PageTemplateFiles don't use id though, they use __name__. The getId implementation that PageTemplateFiles use has some mention of __name__ in it, but it'll never get used because: id = '' def getId(self): name=getattr(self, 'id', None) if callable(name): return name() if name is not None: return name if hasattr(self, '__name__'): return self.__name__ raise AttributeError, 'This object has no id' This is funny code indeed... Obviously, the code starting with line 4 in the function can only be executed by hackers. Please file a bug report. Or I could just fix it with the modified version I posted :) Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (Darwin) iD8DBQE/BiGSrGisBEHG6TARAqEbAJ405Vv/bmCRwRygT1pOAv0CxsEd3gCfZGc6 WQOJT0xo3TElzmeU1gRLLkk= =eYtw -END PGP SIGNATURE- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] PageTemplateFiles considered anonymous?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 PageTemplateFiles don't have an id attribute set when they're created - - they have a __name__ instead. This causes functions like getPhysicalPath (and the related absolute_url) to break in fun ways :) The SimpleItem.Item_w__name__ mixin was created for pretty much this situation. Any objections to adding that mixin to PageTemplateFile by default instead of the vanilla SimpleItem.Item? Also, is there a reason why Item_w__name__ doesn't define getId() when it does define _setId()? Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (Darwin) iD8DBQE/AOgYrGisBEHG6TARAi6NAJ9MUwVfWo4p0tCRQd2TviUHGGV7xACfW+Vq dewj4ut3nC7HXx3hp83A2HQ= =chPE -END PGP SIGNATURE- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] More on the getId issue...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 In my last email, I said Also, is there a reason why Item_w__name__ doesn't define getId() when it does define _setId()? This question doesn't really capture the essence of the problem. In a nutshell, the following happened... PageTemplateFile (via Script and SimpleItem) inherits Item. This class has an attribute id set to '' by default. PageTemplateFiles don't use id though, they use __name__. The getId implementation that PageTemplateFiles use has some mention of __name__ in it, but it'll never get used because: id = '' def getId(self): name=getattr(self, 'id', None) if callable(name): return name() if name is not None: return name if hasattr(self, '__name__'): return self.__name__ raise AttributeError, 'This object has no id' Note the default value of None in the getattr at the start, and then the test for None later on. Oh, hang on, except we've got a *class* level default value for id of ''. Ehem. I suspect that the if name is not None test *should* read if name. And there doesn't need to be the default value for the getattr. I have no idea how much code that assumes that objects will at least have an id of '' will break. My proposed new getId() method: def getId(self): name = self.id if callable(name): return name() if name: return name if hasattr(self, '__name__'): return self.__name__ raise AttributeError, 'This object has no id' Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (Darwin) iD8DBQE/AOvurGisBEHG6TARAsXQAJsGEri4RIIWpjrSTbjQUZKU37hfLgCfVZTp jax496YYNjtVosNZHpv8VGc= =lzBT -END PGP SIGNATURE- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: FHS, zopectl, #925, Re: [Zope-dev] 2.7 installation
On Friday 20 June 2003 04:57 pm, PieterB wrote: On Friday 20 June 2003 01:19 am, Jean Jordaan wrote: There's only one possible way! A-A-P! (A good match for Ape, Shane ;) It's a replacement for make by Bram Moolenaar, the author of Vim, and it looks like it does a lot of things Right. Sorry, I haven't really been paying attention so this might be completely OT. It *sounds* like it's being suggested that we replace make (given the above statement). Has anyone used SCons? http://www.scons.org/ Richard I think the default Zope install should not have dependencies other than that Python is required and the user has some shell system (bash/sh/MS batchfiles). ... and aap apparently ;) About Scons: I never heard of it before It's been around for quite a while. It's based on the winning design for software construction tools (ie. make replacement) in the Software Carpentry contest (the website of which has vanished from the web now so you'll have to rely on the info at scons.org). It's certainly been around for longer than aap :) but it's not suitable for my task. I want to create something that can easily interact with FreeBSD ports Fair enough - as I mentioned, I haven't been paying close attention to the thread. My virtual ears pricked up when mention was made of replacing make ;) , and is more stable than 0.14 alpha I note with a grin that up until this month aap was at release 0.150 :) Richard pgp0.pgp Description: signature
Re: FHS, zopectl, #925, Re: [Zope-dev] 2.7 installation
On Friday 20 June 2003 01:19 am, Jean Jordaan wrote: There's only one possible way! A-A-P! (A good match for Ape, Shane ;) It's a replacement for make by Bram Moolenaar, the author of Vim, and it looks like it does a lot of things Right. Sorry, I haven't really been paying attention so this might be completely OT. It *sounds* like it's being suggested that we replace make (given the above statement). Has anyone used SCons? http://www.scons.org/ Richard pgp0.pgp Description: signature
Re: [Zope-dev] Re: DBtab and BDBStorage
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Friday, June 6, 2003, at 06:17 AM, Shane Hathaway wrote: - Use ZEO. It makes starting/stopping Zope much faster and isolates the application from the database. I've noticed that this pattern doesn't hold with Zope 2.7 as it currently stands. Even on a powerful machine the ZEO clients can take quite some time to start up. Does anyone know why this might be? I'm talking here about a brand-new ZEO server with practically empty ZODB. No additional Products. Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (Darwin) iD8DBQE+38vorGisBEHG6TARAiG5AJ0XBcUZkMnOX/4ECk/JChEu1NUhZgCeLs+a kvn9GuVvOswbWOplJr04WIc= =xlTW -END PGP SIGNATURE- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ZEO install/runtime issues
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wednesday, May 28, 2003, at 04:38 AM, Jeremy Hylton wrote: [Please followup to zodb-dev.] You made some changes to the mkzeoinst.py script in April. I was busy then, and I've just had a chance to look at the changes now. I'd like to discuss some of the changes, and I'm including a wider discussion list to make sure we include anyone else who is interested. A number of the changes are Zope specific. (For example, you can't even run mkzeoinst.py without having a directory named Zope hanging off of sys.path.) ZEO and ZODB are intended for use separately from the rest of Zope, so we need to find a way to factor this out into a generic configuration and a Zope-specific configuration. Go for it :) [I'm in hard-core product development mode for a few months, so apart from critical Zope bugfixes along the way I'll not really be much use, sorry ... even Roundup is taking the back seat for a while ;)] Perhaps Zope's mkzeoinstance should have all that Zope-specific stuff, and only hook into the mkzeoinst module for some of the generic functions. there may even be some more potential for sharing of code between mkzeoinstance and mkzopeinstance. The other question I have is about the organization of software into a Zope home and an instance home. I'm not sure what the history of this arrangement is, but I recommend that people do not configure their ZEO servers to share software with their Zope app servers. It can cause fairly severe problems! I was completely unaware of this, and have always run ZEO servers with the full complement of Products. I have no immediate suggestion for a solution to this problem. The big issue is really how are (potentially dumb, point-n-click) users to know that they need to install product X in their ZEO server but not product Y? Dieter's solution of some configuration variable controlling this sounds like a really good idea, if possible. Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (Darwin) iD8DBQE+1ZI4rGisBEHG6TARApA1AJ9V5Vy/FD8Dx7Nyp2lcXhTgDuAokwCeJqLJ gbubTTKmtV/Heyush75rW44= =qVyG -END PGP SIGNATURE- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
