[Zope] Storing DTML in SQL
I am currently working on a project where I am storing HTML within a MySQL database to display dynamic pages and content in sequences. I would like to be able to store DTML within the tables as well and be able to call them within the page to display that content. I tried mixing the DTML in with the HTML and it shows the HTML correctly but no DTML. Is it possible to even do this? Are there other suggestions on how to go about this? ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Storing DTML in SQL
+---[ Justin Dunsworth ]-- | I am currently working on a project where I am storing HTML within a MySQL database to display dynamic pages and content in | sequences. I would like to be able to store DTML within the tables as well and be able to call them within the page to display | that content. I tried mixing the DTML in with the HTML and it shows the HTML correctly but no DTML. | | Is it possible to even do this? Are there other suggestions on how to go about this? I'm not condoning this in any way d8) but... You have to actually execute the DTML as DTML. That means your rendering code has to actually execute it and display the output, not just dump the source into your page. How to do that will probably require you to use some "trusted" code, that means a Product or an External Method for Zope 2 (I assume Zope 2 since you're talking about DTML). You might have a bit of a mountain to climb there d8) Are you sure you need to store the DTML in the db? -- Andrew Milton a...@theinternet.com.au ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Storing DTML in SQL
Justin Dunsworth wrote: > I am currently working on a project where I am storing HTML within a > MySQL database to display dynamic pages and content in sequences. I > would like to be able to store DTML within the tables as well and be > able to call them within the page to display that content. I tried > mixing the DTML in with the HTML and it shows the HTML correctly but no > DTML. > > Is it possible to even do this? Are there other suggestions on how to go > about this? The closest I have found is on Zopelabs (http://www.zopelabs.com/cookbook/1078612026) Regards Garry ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Storing DTML in SQL
Garry Saddington wrote: > Justin Dunsworth wrote: >> I am currently working on a project where I am storing HTML within a >> MySQL database to display dynamic pages and content in sequences. I >> would like to be able to store DTML within the tables as well and be >> able to call them within the page to display that content. I tried >> mixing the DTML in with the HTML and it shows the HTML correctly but no >> DTML. >> >> Is it possible to even do this? Are there other suggestions on how to go >> about this? > > The closest I have found is on Zopelabs > (http://www.zopelabs.com/cookbook/1078612026) Sorry wrong recipe try this: http://www.zopelabs.com/cookbook/993850737/1011691351 Garry ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Storing DTML in SQL
+---[ Garry Saddington ]-- | Garry Saddington wrote: | > Justin Dunsworth wrote: | >> I am currently working on a project where I am storing HTML within a | >> MySQL database to display dynamic pages and content in sequences. I | >> would like to be able to store DTML within the tables as well and be | >> able to call them within the page to display that content. I tried | >> mixing the DTML in with the HTML and it shows the HTML correctly but no | >> DTML. | >> | >> Is it possible to even do this? Are there other suggestions on how to go | >> about this? | > | > The closest I have found is on Zopelabs | > (http://www.zopelabs.com/cookbook/1078612026) | | Sorry wrong recipe try this: | | http://www.zopelabs.com/cookbook/993850737/1011691351 Do I really have to explain why that particular recipe is a bad idea? d8) -- Andrew Milton a...@theinternet.com.au ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Storing DTML in SQL
Why must it be stored in a RDB? Can you not store the DTML in the ZODB and store the path or id to the DTML in the RDB or a python script that can massage whatever data you need and call the DTML.. -- Jeffrey D Peterson Webmaster Crary Industries, Inc. 237 12th St NW West Fargo, ND 58078 P: 701-499-5928 E: jeff.peter...@crary.com > -Original Message- > From: zope-boun...@zope.org [mailto:zope-boun...@zope.org] On Behalf Of > Andrew Milton > Sent: Wednesday, August 18, 2010 11:26 AM > To: Garry Saddington > Cc: zope@zope.org > Subject: Re: [Zope] Storing DTML in SQL > > +---[ Garry Saddington ]-- > | Garry Saddington wrote: > | > Justin Dunsworth wrote: > | >> I am currently working on a project where I am storing HTML within > a > | >> MySQL database to display dynamic pages and content in sequences. > I > | >> would like to be able to store DTML within the tables as well and > be > | >> able to call them within the page to display that content. I tried > | >> mixing the DTML in with the HTML and it shows the HTML correctly > but no > | >> DTML. > | >> > | >> Is it possible to even do this? Are there other suggestions on how > to go > | >> about this? > | > > | > The closest I have found is on Zopelabs > | > (http://www.zopelabs.com/cookbook/1078612026) > | > | Sorry wrong recipe try this: > | > | http://www.zopelabs.com/cookbook/993850737/1011691351 > > Do I really have to explain why that particular recipe is a bad idea? > d8) > > -- > Andrew Milton > a...@theinternet.com.au > ___ > Zope maillist - Zope@zope.org > https://mail.zope.org/mailman/listinfo/zope > ** No cross posts or HTML encoding! ** > (Related lists - > https://mail.zope.org/mailman/listinfo/zope-announce > https://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Storing DTML in SQL
Andrew Milton wrote: > +---[ Garry Saddington ]-- > | Garry Saddington wrote: > | > Justin Dunsworth wrote: > | >> I am currently working on a project where I am storing HTML within a > | >> MySQL database to display dynamic pages and content in sequences. I > | >> would like to be able to store DTML within the tables as well and be > | >> able to call them within the page to display that content. I tried > | >> mixing the DTML in with the HTML and it shows the HTML correctly but no > | >> DTML. > | >> > | >> Is it possible to even do this? Are there other suggestions on how to go > | >> about this? > | > > | > The closest I have found is on Zopelabs > | > (http://www.zopelabs.com/cookbook/1078612026) > | > | Sorry wrong recipe try this: > | > | http://www.zopelabs.com/cookbook/993850737/1011691351 > > Do I really have to explain why that particular recipe is a bad idea? d8) > Just trying to be helpful. I did say that it was the only thing I can find and I did not recommend it. If you would care to share the problems of the recipe on the list then I am sure all those reading who are new to Zope would benefit;) Garry ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Storing DTML in SQL
+---[ Garry Saddington ]-- | Andrew Milton wrote: | > +---[ Garry Saddington ]-- | > | Garry Saddington wrote: | > | > Justin Dunsworth wrote: | > | >> I am currently working on a project where I am storing HTML within a | > | >> MySQL database to display dynamic pages and content in sequences. I | > | >> would like to be able to store DTML within the tables as well and be | > | >> able to call them within the page to display that content. I tried | > | >> mixing the DTML in with the HTML and it shows the HTML correctly but no | > | >> DTML. | > | >> | > | >> Is it possible to even do this? Are there other suggestions on how to go | > | >> about this? | > | > | > | > The closest I have found is on Zopelabs | > | > (http://www.zopelabs.com/cookbook/1078612026) | > | | > | Sorry wrong recipe try this: | > | | > | http://www.zopelabs.com/cookbook/993850737/1011691351 | > | > Do I really have to explain why that particular recipe is a bad idea? d8) | > | Just trying to be helpful. I did say that it was the only thing I can | find and I did not recommend it. | If you would care to share the problems of the recipe on the list then I | am sure all those reading who are new to Zope would benefit;) Since python scripts are web callable and something has to be passed in... The phrase "execute arbitrary code" is nearly always quickly followed by the phrase "remote exploit" and lots of sad faces (and then some finger pointing d8) -- Andrew Milton a...@theinternet.com.au ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Storing DTML in SQL
On 18/08/10 17:38, Andrew Milton wrote: > +---[ Garry Saddington ]-- > | Andrew Milton wrote: > |> +---[ Garry Saddington ]-- > |> | Garry Saddington wrote: > |> |> Justin Dunsworth wrote: > |> |>> I am currently working on a project where I am storing HTML within a > |> |>> MySQL database to display dynamic pages and content in sequences. I > |> |>> would like to be able to store DTML within the tables as well and be > |> |>> able to call them within the page to display that content. I tried > |> |>> mixing the DTML in with the HTML and it shows the HTML correctly but > no > |> |>> DTML. > |> |>> > |> |>> Is it possible to even do this? Are there other suggestions on how > to go > |> |>> about this? > |> |> > |> |> The closest I have found is on Zopelabs > |> |> (http://www.zopelabs.com/cookbook/1078612026) > |> | > |> | Sorry wrong recipe try this: > |> | > |> | http://www.zopelabs.com/cookbook/993850737/1011691351 > |> > |> Do I really have to explain why that particular recipe is a bad idea? d8) > |> > | Just trying to be helpful. I did say that it was the only thing I can > | find and I did not recommend it. > | If you would care to share the problems of the recipe on the list then I > | am sure all those reading who are new to Zope would benefit;) > > Since python scripts are web callable and something has to be passed > in... The phrase "execute arbitrary code" is nearly always quickly > followed by the phrase "remote exploit" and lots of sad faces (and > then some finger pointing d8) > > If that is the case, aren't all python scripts within Zope potentially exploitable? ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Storing DTML in SQL
+---[ Richard Harley ]-- | On 18/08/10 17:38, Andrew Milton wrote: | > +---[ Garry Saddington ]-- | > | Andrew Milton wrote: | > |> +---[ Garry Saddington ]-- | > |> | Garry Saddington wrote: | > |> |> Justin Dunsworth wrote: | > |> |>> I am currently working on a project where I am storing HTML within a | > |> |>> MySQL database to display dynamic pages and content in sequences. I | > |> |>> would like to be able to store DTML within the tables as well and be | > |> |>> able to call them within the page to display that content. I tried | > |> |>> mixing the DTML in with the HTML and it shows the HTML correctly but no | > |> |>> DTML. | > |> |>> | > |> |>> Is it possible to even do this? Are there other suggestions on how to go | > |> |>> about this? | > |> |> | > |> |> The closest I have found is on Zopelabs | > |> |> (http://www.zopelabs.com/cookbook/1078612026) | > |> | | > |> | Sorry wrong recipe try this: | > |> | | > |> | http://www.zopelabs.com/cookbook/993850737/1011691351 | > |> | > |> Do I really have to explain why that particular recipe is a bad idea? d8) | > |> | > | Just trying to be helpful. I did say that it was the only thing I can | > | find and I did not recommend it. | > | If you would care to share the problems of the recipe on the list then I | > | am sure all those reading who are new to Zope would benefit;) | > | > Since python scripts are web callable and something has to be passed | > in... The phrase "execute arbitrary code" is nearly always quickly | > followed by the phrase "remote exploit" and lots of sad faces (and | > then some finger pointing d8) | > | > | If that is the case, aren't all python scripts within Zope potentially | exploitable? Not all python scripts execute arbitrary code *passed to them* -- Andrew Milton a...@theinternet.com.au ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Storing DTML in SQL
I think storing dtml in a db is wrong by design. I do lots of dynamic websites that are generated from external data. i had no need for a single line of dtml yet ... robert Am 18.08.2010 18:38, schrieb Andrew Milton: > +---[ Garry Saddington ]-- > | Andrew Milton wrote: > |> +---[ Garry Saddington ]-- > |> | Garry Saddington wrote: > |> |> Justin Dunsworth wrote: > |> |>> I am currently working on a project where I am storing HTML within a > |> |>> MySQL database to display dynamic pages and content in sequences. I > |> |>> would like to be able to store DTML within the tables as well and be > |> |>> able to call them within the page to display that content. I tried > |> |>> mixing the DTML in with the HTML and it shows the HTML correctly but > no > |> |>> DTML. > |> |>> > |> |>> Is it possible to even do this? Are there other suggestions on how > to go > |> |>> about this? > |> |> > |> |> The closest I have found is on Zopelabs > |> |> (http://www.zopelabs.com/cookbook/1078612026) > |> | > |> | Sorry wrong recipe try this: > |> | > |> | http://www.zopelabs.com/cookbook/993850737/1011691351 > |> > |> Do I really have to explain why that particular recipe is a bad idea? d8) > |> > | Just trying to be helpful. I did say that it was the only thing I can > | find and I did not recommend it. > | If you would care to share the problems of the recipe on the list then I > | am sure all those reading who are new to Zope would benefit;) > > Since python scripts are web callable and something has to be passed > in... The phrase "execute arbitrary code" is nearly always quickly > followed by the phrase "remote exploit" and lots of sad faces (and > then some finger pointing d8) > > ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Storing DTML in SQL
+---[ robert rottermann ]-- | I think storing dtml in a db is wrong by design. | I do lots of dynamic websites that are generated from external data. | i had no need for a single line of dtml yet ... I've seen it used a lot in PHP systems like PHP-Nuke, where the widget code is executed out of strings in the db. Whether it's necessary or not in this instance is debatable. -- Andrew Milton a...@theinternet.com.au ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Storing DTML in SQL
Am 18.08.2010 18:56, schrieb Andrew Milton: > +---[ robert rottermann ]-- > | I think storing dtml in a db is wrong by design. > | I do lots of dynamic websites that are generated from external data. > | i had no need for a single line of dtml yet ... > > I've seen it used a lot in PHP systems like PHP-Nuke, where the widget > code is executed out of strings in the db. Whether it's necessary or > not in this instance is debatable. > > there is an important difference between php based systems and zope. a php site is made up from a bunch of code snippets embedded in html that are fed into a php interpreter. where these snippets come from is unknown to the php interpreter. one of the reasons (I assume) that such systems tend to be riddled with security problems zope is an application server that sits between the internet and the (physical) server on which it runs. it so divides its univers in an unsave and a save part. everything that comes from the internet, that includes operations performed TTW (trough the web), is unsave and must be authenticated against zopes strict permission system. everything that comes from the server side (eg. from files loaded from the server) is considered save and is not security screened (or at least not as tightly). zopes application server offers you two ways to create dtml objects. TTW and from a file. one tightly screens one less so. now what you propose is a third way. get the dtml objects from a database. this could for sure be done but.. you have to write a kind of interpreter that creates an dtml object, sets up its context, executes it and manipulates its own environment in a meaningful way. next to that this interpreter has to set up its own security context to avoid to punch holes into zopes defenses. you can imagine, this is no easy chore. and it would probably be foolish if one tried to implement it. dtml is just not the way to go. it is a dead end (its developer decided so). it is replaced by tal and zope 3 (now bluebream) components that are far more powerfull and flexible. and, alas, not THAT easy to grasp robert ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Storing DTML in SQL
On 19/08/10 09:37, robert rottermann wrote: > Am 18.08.2010 18:56, schrieb Andrew Milton: > >> +---[ robert rottermann ]-- >> | I think storing dtml in a db is wrong by design. >> | I do lots of dynamic websites that are generated from external data. >> | i had no need for a single line of dtml yet ... >> >> I've seen it used a lot in PHP systems like PHP-Nuke, where the widget >> code is executed out of strings in the db. Whether it's necessary or >> not in this instance is debatable. >> >> >> > there is an important difference between php based systems and zope. > a php site is made up from a bunch of code snippets embedded in html > that are fed into a php interpreter. > where these snippets come from is unknown to the php interpreter. one of > the reasons (I assume) that such systems tend to be riddled with > security problems > > zope is an application server that sits between the internet and the > (physical) server on which it runs. > it so divides its univers in an unsave and a save part. everything that > comes from the internet, that includes operations performed TTW (trough > the web), is unsave and must be authenticated against zopes strict > permission system. > everything that comes from the server side (eg. from files loaded from > the server) is considered save and is not security screened (or at least > not as tightly). > > zopes application server offers you two ways to create dtml objects. TTW > and from a file. one tightly screens one less so. > now what you propose is a third way. get the dtml objects from a database. > this could for sure be done > but.. > you have to write a kind of interpreter that creates an dtml object, > sets up its context, executes it and manipulates its own environment in > a meaningful way. > next to that this interpreter has to set up its own security context to > avoid to punch holes into zopes defenses. > > you can imagine, this is no easy chore. > > and it would probably be foolish if one tried to implement it. > dtml is just not the way to go. it is a dead end (its developer decided > so). it is replaced by tal and zope 3 (now bluebream) components that > are far more powerfull and flexible. > and, alas, not THAT easy to grasp > > robert > By far the majority of new deployments use zope 2 though... > > > > > ___ > Zope maillist - Zope@zope.org > https://mail.zope.org/mailman/listinfo/zope > ** No cross posts or HTML encoding! ** > (Related lists - > https://mail.zope.org/mailman/listinfo/zope-announce > https://mail.zope.org/mailman/listinfo/zope-dev ) > ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Storing DTML in SQL
> > By far the majority of new deployments use zope 2 though... > > of course. zope 2 does use 5 which is a zope2/3 bridge. plone is VERY zope3/five based .. ___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Storing DTML in SQL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 robert rottermann wrote: >> By far the majority of new deployments use zope 2 though... >> >> > of course. > zope 2 does use 5 which is a zope2/3 bridge. > plone is VERY zope3/five based .. ZTK-based - Zope 3 is no more. - -aj -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkxtDFsACgkQCJIWIbr9KYzW8QCeME9f+6w1RupIO8r+eBc7ybRE zIEAoN1j3y6sA4QbDeEurFfB+ceXTS7Z =Qr8G -END PGP SIGNATURE- <>___ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )