Re: [Zope] FYI on Debian 3.1/zope Re: Images too (StructuredDocument size limit reduced after 2.5.1 to 2.7.5 upgrade)
John Schinnerer wrote: That was what I needed, the parameter name...my sysadmin set it low for security reasons, not realizing Clueless overly paranoid sysadmins strike again ;-) No actually, he's very clueful and security-conscious, and I was mistaken about how it got set that low, it appears to be a debian package default setting. Ah, my mistake, clueless overly paranoid debian packagers ;-) (they're very close in breed *grinz*) Glad to hear your sysadmin doesn't fall into the former category though! FYI anyone upgrading to the recent Debian 3.1 release (sarge), the default in the config file in the zope package (2.7.5 final) in sarge has cgi-maxlen set quite low, 1 if I recall correctly, to block potential DOS attacks according to the comment on the setting (Debian is perhaps a bit paranoid in this case...). *thunks head against wall* Anyone know who the debian package maintainer is so we can give them a tickle? cheers, Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] FYI on Debian 3.1/zope Re: Images too (StructuredDocument size limit reduced after 2.5.1 to 2.7.5 upgrade)
Aloha, > > That was what I needed, the parameter name...my sysadmin set it low > > for security reasons, not realizing > Clueless overly paranoid sysadmins strike again ;-) No actually, he's very clueful and security-conscious, and I was mistaken about how it got set that low, it appears to be a debian package default setting. FYI anyone upgrading to the recent Debian 3.1 release (sarge), the default in the config file in the zope package (2.7.5 final) in sarge has cgi-maxlen set quite low, 1 if I recall correctly, to block potential DOS attacks according to the comment on the setting (Debian is perhaps a bit paranoid in this case...). So a default debian upgrade will leave you with a very small cgi-maxlen in the zope config file - be sure to check it and change it if needed. cheers, John S. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )