Log message for revision 72233:
Changed:
U Zope/branches/2.10/doc/CHANGES.txt
-=-
Modified: Zope/branches/2.10/doc/CHANGES.txt
===
--- Zope/branches/2.10/doc/CHANGES.txt 2007-01-26 01:50:18 UTC (rev 72232)
+++
Ian Bicking wrote:
It would be a concern if, for instance, Plone started depending on
buildout recipes for installation, without plain distutils recipes. Of
course right now there are no distutils recipes for old-style Products.
So actually it's an active issue -- if buildout enables Plone to
Rob Miller wrote:
honestly, it seems to me that buildout tries to do too much.
That's ok. I often don't need the big hammer that buildout is. That's
when I tend to use workingenv (even if it's' just for trying out whether
something's easy_install'able)
it's
trying to handle both
Summary of messages to the zope-tests list.
Period Thu Jan 25 12:00:00 2007 UTC to Fri Jan 26 12:00:00 2007 UTC.
There were 7 messages: 7 from Zope Unit Tests.
Tests passed OK
---
Subject: OK : Zope-2.6 Python-2.1.3 : Linux
From: Zope Unit Tests
Date: Thu Jan 25 21:06:27 EST 2007
whit wrote:
I'm not clear on what the advantage would be. I'm probably missing
some use cases. I think they are both valid approaches to the problem.
my main usecase is to be able to use buildouts in a workingenv without
having to rewrite the recipes... right now, I have to do one or the
Ian Bicking wrote:
Jim Fulton wrote:
I actually tried to do this once before with zc.buildout, but I didn't
get far -- probably a result of lack of effort and lack of familiarity
with the overall stack. But I also recognize lots of the questions
about stuff like the zope.conf file and Data.fs
Ian Bicking wrote:
Jim Fulton wrote:
If *Plone* becomes incompatible with workingenv that'd be bothersome
I agree.
But if a buildout is incompatible, eh... who knows,
I would hope that buildout would not have to be compatible with
workingenv, whatever that means, in order for Plone to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jim Fulton wrote:
Ian Bicking wrote:
Jim Fulton wrote:
If *Plone* becomes incompatible with workingenv that'd be bothersome
I agree.
But if a buildout is incompatible, eh... who knows,
I would hope that buildout would not have to be compatible
Tres Seaver wrote:
I don't think buildout's default locations would be called sensible by
anybody except the folks who wrote it.
I think a lot of this may have to do with sensible defaults; most (all?)
of this is settable via options in buildout.cfg, which is reassuring at
least.
Here
I don't have a usecase for executing the scripts with any python
interpeter other than the one which ran setuptools to generate them, and
therefore don't care for the hard-wired path manipulation
I would agree that having to mangle multiple scripts is annoying. On the
other hand, I find the
I have an external method which uses eval(). I would like to prevent anyone
from calling this method from inside a URL, e.g.,
myzopesite/myexternalmethod?myvar=deletemyfiles()
Rather, I wish for only Zope objects such as Python Scripts to be able to call
this external method. Is there any way
--On 26. Januar 2007 10:29:08 -0500 Mark, Jonathan (Integic)
[EMAIL PROTECTED] wrote:
I have an external method which uses eval(). I would like to prevent
anyone from calling this method from inside a URL, e.g.,
myzopesite/myexternalmethod?myvar=deletemyfiles()
Rather, I wish for only Zope
The relevant permission for an external method in 2.10.1 is Access
contents information.
The problem is that the Zope application which calls my External Method
from a Python Script always runs unauthenticated. I turned off in the
ZMI my External Method's access for unauthenticated users, and
Using a proxy role on the calling Python Script worked. My guess is that a
clever hacker could call the Python Script continually and then create a race
condition that would permit him to call the External Method directly in a URL,
thus passing the External Method his own malicious parameters.
- Original Message -
From: Mark, Jonathan (Integic) [EMAIL PROTECTED]
To: Jonathan [EMAIL PROTECTED]; zope@zope.org
Sent: Friday, January 26, 2007 2:32 PM
Subject: RE: [Zope] Is there any way to turn off the publishing of
externalmethods to the web in Zope?
Using a proxy role on
http://www.zopelabs.com/cookbook/1073504990
In addition to the information on this page I have found that you can
also run the following command at a (gdb) prompt to get a list of URLs
being processed by the misbehaving thread:
call PyRun_SimpleString(import string,sys,os,ZServer;
I will add the URL test. In addition, I will pass a long symettric 64 bit key
to the external method as a parameter, and require the external method to
confirm that the correct key was passed. Since only I have access to my file
system and to my ZMI this is sufficient.
Extraneously, I would
Sale, Robin wrote at 2007-1-25 14:33 -0500:
What I'm doing:
Visit a simple HTML page that has a link to a second ... all of which is
contained within a folder that requires authenticated user to view. I go
to server:8080/page_path/page_name and have to log in. I do so, and see
the page. Now,
Mark, Jonathan (Integic) wrote at 2007-1-26 10:29 -0500:
I have an external method which uses eval(). I would like to prevent anyone
from calling this method from inside a URL, e.g.,
myzopesite/myexternalmethod?myvar=deletemyfiles()
Rather, I wish for only Zope objects such as Python Scripts to
Am 26.01.2007, 08:37 Uhr, schrieb Graziella Toutoungis
[EMAIL PROTECTED]:
Hello,
I use zope2.9.4 with postgresql8.1, in my database i have some tables
are the result of a query on other tables.
exe: table1 is the result of table2 with table3
My
user can connect to the database and he can
in my database i want to create a table1 who is the
result of a query on table2 and table3 like select
x2,y2,x3,y3 from table2 and table3...
-i want now to create the table1.
-evrey time the user try to insert into table1, i must
insert this data in the original table and verify the
possibility of
any suggestions?
Write a procedure in the database that
does this and just call this procedure from Zope.
--
Maciej Wisniowski
___
Zope-DB mailing list
Zope-DB@zope.org
http://mail.zope.org/mailman/listinfo/zope-db
22 matches
Mail list logo
