Am Sonntag, den 20.11.2005, 12:54 -0500 schrieb D Washburn:
I have a need to encrypt a parameter passed on a URL to another
website using Python and MD5 encryption. I tried to set up a test
python script:
I am running ZOPE and Plone. I have made other Python scripts that
work.
Am Montag, den 21.11.2005, 21:59 +0100 schrieb David De Maeyer:
Hi Jonathan,
Just gave a tried, actually I had tried the same as
you suggested but it doesn't work.
We have a site, say www.mysite.com, and we access the
CMS system via admin.mysite.com. One of the page
displays a rather
Am Mittwoch, den 23.11.2005, 14:29 -0500 schrieb Asad Habib:
No need to bake a pie when you can buy one at the grocery store!
You can? Where is the store where I can buy the python wrapped
render/print lib of gecko/mozilla please?
___
Zope maillist
Am Donnerstag, den 24.11.2005, 12:54 -0500 schrieb Paul Winkler:
On Thu, Nov 24, 2005 at 06:37:36PM +0100, Andreas Jung wrote:
--On 24. November 2005 11:55:25 -0500 Paul Winkler [EMAIL PROTECTED]
wrote:
In case it's not: access log is written to when the response
is sent back.
Which
) like this:
./bin/zopectl run fileimport.py bigfile /path/in/zope/
Greats
Tino
#!zopectl
# Fileimporter for Zope by Tino Wildenhain
import sys,time,os
class ProgressFile(file):
Class renders progressbar on read
def __init__(self,filename):
this file is read only
file.__init__(self
Am Samstag, den 26.11.2005, 21:17 -0400 schrieb David Pratt:
Hi. I am looking at how to implement a RESTful web service in Zope2.
Could you expand a bit on whatever a RESTful web service is?
thx
Tino
___
Zope maillist - Zope@zope.org
Allen Huang schrieb:
how do I do an auto-refresh to my browser with dtml? anyone have any ideas?
_when_ do you want to refresh?
dtml-call expr=REQUEST.RESPONSE.setHeader('Refresh','10')
or something like that should work. See rfc2616 for headers
and zope-book for API of RESPONSE object.
Andreas Jung schrieb:
--On 1. Dezember 2005 00:02:07 -0800 Infor Gates [EMAIL PROTECTED]
wrote:
Dear zopist
I am trying to pick up zpt. Is there an equivalent
command in zpt for dtml-call
RESPONSE.redirect('home_page').
tal:call define=dummy python: request.RESPONSE.redirect(...) /
Am Donnerstag, den 01.12.2005, 12:12 -0500 schrieb Mike Jakowlew:
Hi all,
I'm trying to update a file thats already been uploaded. I can't
figure out what command to use,
update_data/manage_upload/manage_edit. I've settled (so far) on
manage_upload but it doesn't work. I get the error:
Am Donnerstag, den 01.12.2005, 15:45 -0800 schrieb Dennis Allison:
I have not yet completed differential diagnosis, but I was hoping someone
had encountered a similar problem and could pass along a fix/workaround.
The following program fails to do the writes --
import MySQLdb
Am Samstag, den 03.12.2005, 21:56 +0200 schrieb Roman Suzi:
Hi!
...
DELETE /path/to/object/X/Y HTTP/1.1
Host: myhost.myorg.org
Content-Type: application/myprotocol+xml
Of course, I have a product Z which has this class:
class Z:
...
def Y(self, REQUEST):
if
Am Dienstag, den 06.12.2005, 14:55 +1300 schrieb Cameron Beattie:
Thanks for the many replies. I apologise for the original message which was
obviously very unclear - I will try to correct that.
...
I want to do this frequently and at low cost i.e. ideally in memory. Perhaps
the best way
Am Mittwoch, den 07.12.2005, 13:22 -0800 schrieb Michael Dexter:
Hello,
It appears that Apache and IIS put both HTTP and WebDAV/HTTP traffic
over the same port. Can Zope do the same? Why? Why not?
It already does. The problem are all the broken clients
which do not read the source property
Am Mittwoch, den 07.12.2005, 23:31 -0500 schrieb Harry Forster:
I would like to install Zope 2.8.4 on a Suse 9.0 system. Has anyone done
this
and how did you do it?
Unpack Zope sources and read doc/INSTALL.txt
there.
___
Zope maillist -
Am Donnerstag, den 08.12.2005, 13:46 -0800 schrieb Ed Colmar:
Do ZSQL methods communicate with the dtml-in call and understand the
size attribute?
Not really.
for example, in this dtml-in statement:
dtml-in SQL_get_large_list size=20 start=query_start
/dtml-in
Will the database be
Am Mittwoch, den 07.12.2005, 09:39 + schrieb Chris Withers:
Dieter Maurer wrote:
The original poster explained his wish to retain FCGI:
It reuses an existing connection between Apache and Zope
while (he thinks and I might believe it) the recommended
mod_proxy way each time
...
The funny thing is - performance isnt really the pro of
fcgi over http. Its really more about transporting header
and environment data from zope to apache, which is
^^
actually I meant apache to zope.
I go and get some coffee...
Tino
Am Mittwoch, den 14.12.2005, 16:20 -0500 schrieb Jonathan:
Thanks to everyone for the feedback... the bottom line seems to be that you
can NOT trap zope exceptions in a python script... which seems a bit odd.
No, you can. But you should know what you do and
reraise critical (e.g. Conflict
Jonathan schrieb:
...
It seems strange that one can, using plain vanilla python scripts, trap
bare 'try/excepts' (and I agree with Andreas that this is not a good
thing to do!) and that one can trap python built-in exceptions, but that
one cannot trap zope exceptions. Why allow python
Allen Huang schrieb:
I'm trying zope on linux but I have come a cross a problem.
I windows, I simply changed the port number from 8080 to 80
in zope.conf so I could get to my site without typeing the port.
But in Linux, I did the same thing but it always tells me that some
other server
...
Try:
context.afolder.manage_delObjects(['someitem'])
where 'someitem' does not exist in 'afolder'
works:
try:
context.afolder.manage_adlObjects(['nonexistent'])
except Exception,x:
if 'BadRequest' in repr(x):
print bad request
else:
raise x
:-)
(Ok, this _is_
Andreas Jung schrieb:
--On 15. Dezember 2005 09:08:20 -0500 Jonathan [EMAIL PROTECTED] wrote:
- Original Message - From: Tino Wildenhain [EMAIL PROTECTED]
Interesting work-around, but I agree that these exception types should be
immediately available in plain vanilla python scripts
Am Donnerstag, den 15.12.2005, 19:58 +0100 schrieb adeline nombre:
bonjour
je suis un débutant. je veux installer zope sur la debian. mais j'ai
remarqué un repertoire /usr/lib/zope. j'ai donc conclu que zope a été
installé avec mon system debian. maintenant comment faire pour démarer
zope.
Am Donnerstag, den 15.12.2005, 21:17 +0100 schrieb Igor Stroh:
Tino Wildenhain wrote:
Am Donnerstag, den 15.12.2005, 19:58 +0100 schrieb adeline nombre:
bonjour
je suis un débutant. je veux installer zope sur la debian. mais j'ai
remarqué un repertoire /usr/lib/zope. j'ai donc conclu que
assign any number of addresses
to a single card.
HTH
Tino Wildenhain
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope
Am Samstag, den 17.12.2005, 14:56 +0100 schrieb Jan-Ole Esleben:
That ZOPE raises an error is fine. That I _might_ run into such
situations with other tools is true.
You *will* run into these problems in exactly the same cases in any other
tool.
I'm sorry, but that's just wrong, and
Am Samstag, den 17.12.2005, 16:43 +0100 schrieb Jan-Ole Esleben:
That ZOPE raises an error is fine. That I _might_ run into such
situations with other tools is true.
You *will* run into these problems in exactly the same cases in any
other tool.
I'm sorry, but that's just
Pier Luigi Fiorini schrieb:
Hello,
I'm developing a Zope application that uses a PostgreSQL connection and
several ZSQL objects.
People should log in using a Postgres user and ZSQL object should be executed
by the user that's logged in. Multiple people can be logged at the same time.
command really reconnecting.
There is SET SESSION AUTHORIZATION but I'm not
sure if it really helps.
Regards
Tino Wildenhain
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related
David Bear schrieb:
On 12/10/05, *Tino Wildenhain* [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
Am Mittwoch, den 07.12.2005, 09:39 + schrieb Chris Withers:
Dieter Maurer wrote:
The original poster explained his wish to retain FCGI:
It reuses
Ed Colmar schrieb:
Hey All..
I'm following up on this thread after lots of different configuration
attempts, reinstalling apache2 from source, more configuration attempts,
banging my head against the wall, and endless troubleshooting..
Unfortuantely I am still failing to configure this
Ed Colmar schrieb:
Hey Tino
Well, my access log fills up with lines like:
61.54.11.222 - - [21/Dec/2005:14:36:56 -0800] GET
http://media.fastclick.net/w/get.media?sid=19765m=3tp=7d=sc=1
HTTP/1.1 404 927
404 is fine. We all have that in our logs. There is nothing to worry.
Its just the
Ed Colmar schrieb:
Hmm...
Ok the 404 thing I understand, but they are coming in at such a high
rate it makes me nervous... Maybe this is some form of distributed DOS
attack?
Try to get another IP if this is possible. But else you dont
have any way to avoid it - we all have such in the
Fabio schrieb:
Hi!
in my zope application I call ZSQLMethods from python script. Is it possible
to set connection id property of a ZSQLMethod before call it?
How?
ZSQLMethod.propertyItems() return only ('title','')
If you set it only one time, you should be able to read it from ZMI
page
Fabio schrieb:
Thanks for your reply but...
I have to change ZSQLMethod's connection_id according to a variable in
session
(so every user has its own database) while your method (if I understand it)
is static. Isn't it?
No its not. Thats whe whole point. You can always
look up
Fabio schrieb:
No its not. Thats whe whole point. You can always
look up
context.somewhere[variable].yourzsqlmethods.yourzsqlmethod(params...)
where variable holds the name of the connection folder.
I make an example.
two user:
pippo - db connection: dbpluto (holds in session in
Sam Boggess schrieb:
Does anyone know if it possible to rewrite the standard_error_message
in Page Templates?
Yes.
And if so how do you reference the objects within the error message?
p tal:content=here/error_valueerror value/p
Its options/error_value
The object is called with named
Tom Purl schrieb:
Hi everyone. I'm converting my personal web site from a Wordpress blog
into a ZWiki wiki site. I transferred all of the content, and would like
to create some redirect pages so that anyone visiting my old page url's
would be redirected to their new home. So, if someone
J Cameron Cooper schrieb:
Alric Aneron wrote:
Hello, I am new to Zope and DTML.
I am trying to use a python script to call a Z SQL method. The python
script also has a list that dtml-in inside the ZSQL method interates
over. so my python script:
-python script
words = ['one', 'two']
Fabio schrieb:
Hi!
I solved (partially) my problem: very thanks.
I studied acquisition and then I understood your example.
I've another problem (the last, I hope): I call some ZSQLMethod from
Python scripts so I need to execute a command dynamically.
example
I need to execute
David Johnson schrieb:
Good afternoon. I am new to Zope and I am excited about its possibilities.
We are an ASP and plan to use Zope to improve our development process.
I see that many people use J2EE based environments. Does anyone
understand why? Why would anyone use Java? What am I
David Johnson schrieb:
David - I am new to Zope, but I feel your assessment is correct. We have
developed and deployed very large applications using PHP/C++, and are now
looking to Zope to take us into the next stage. Python seems excellent at
object orientation and neatness with minimal
John Toews schrieb:
Zope 2.8.0, Python 2.3.5
I'm having a heck of a time figuring out how to zip up some files in my
zope instance and return them to the user. I can sucessfully create a
zip file on the local file system, but if I try to pass it back to the
user it is corrupted. Of course
John Toews schrieb:
Thanks Tino, I'll definately give that a try too. The quick fix seemed
to be opening the file for read in binary mode... that should have been
obvious. Posting another dumb question to the list now. ;)
no, dot use a regular file! Use the tempfile module!
And dont reopen but
Håkan Johansson schrieb:
Hi everyone.
I want to be able to block a user from logging in if he fails to give
the right login/password three times in a row. The problem is that I
don't know how to do this.
Because it isnt really possible/practicable at all with HTTP.
First, I need to know
Kedar Dash schrieb:
Dear All,
I am using python 2.3.5, zope 2.8 and plone 2.1.
After writing the following rewrite rule in apache (compiled from
source 1.3) the site is opening.
VirtualHost *
ServerAlias shakeelx.ekduniya.com
ServerName seems missing.
RewriteEngine On
Kedar Dash schrieb:
Dear Tino,
Thank you very much for your response. The site screen shot is given
below. Even if I specify the server name the result is the same.
If I assess the site with it ip address http://ip:port/instance
http://%3cip%3e:%3cport%3e/%3cinstance name it
Greg Fischer schrieb:
...
I like what you said, be tolerant. Some of us don't see the limitations
of DTML as something that is broken, or that it is not good. I don't
I see we have to improve teaching.
think there is anything wrong with ZPT either, I simply don't have a use
for it.
Jens Vagelpohl schrieb:
...
What exactly would that do? Would you want to force everyone to use gpg
keys? Sounds just a bit unrealistic.
Yes, I feared it. After all it was just an idea.
Alternatively the ability to register trusted
MTAs with an address could help and would be completely
Martijn Pieters schrieb:
On 1/17/06, Tino Wildenhain [EMAIL PROTECTED] wrote:
Alternatively the ability to register trusted
MTAs with an address could help and would be completely
transparent for those who dont care.
Unfortunately the nature of open source communities around a domain
name
Andrew Sawyers schrieb:
IIRC, all of the zope mailing lists only accept mail from subscribers -
so these are likely just someone spoofing the sender address. No reason
to try and handle this on the list server side IMNSHO.
Of course they are. Thats the whole point :-) On which side do you
Andrew Sawyers schrieb:
I'm a little confused, if that's the whole point, not sure what the
point is. Perhaps I jumped the gun by replying :).
I guess I would setup a local procmail rule or posfix rule to not accept
mail with these attachments? If the mail is not going through the zope
Erik Myllymaki schrieb:
I haven't delved too deeply here, but I think Zope MailTemplates are
wrapping any subject longer than 70 characters.
Is there any way to turn this feature off?
No, its just standard. Where is the problem?
rfc822 headers can be wrapped.
Jens Vagelpohl schrieb:
On 21 Jan 2006, at 13:02, Sune Christiansen wrote:
Hei All.
I have the following problem:
I am building up a ZCatalog and indexing my DTML methods. I use the
index
type ZCTextIndex and the object function PrincipiaSearchSource. It works
fine.
But when I try
easily
set up Apache Vhosts as proxy to zope with ssl.
HTH
Tino Wildenhain
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope
Jens Vagelpohl schrieb:
...
I don't know if making Zope serve out SSL directly helps that (I doubt
it) because I wouldn't consider using it.
No, it does not. You only add the hassle to deal with nasty zope patches
to the scene. Only IP per ssl-host helps :-)
Regards
Tino
michael nt milne schrieb:
Ok, thanks. The annoying thing is that I am renting a virtual dedicated
server which allows multiple domain names obviously but not multiple IP
addresses. Or it probably costs more for that. Do you reckon SSL will
ever be available for virtual single IP based hosts?
Jeff Donsbach schrieb:
On 1/24/06, michael nt milne [EMAIL PROTECTED] wrote:
Ok, thanks. The annoying thing is that I am renting a virtual dedicated
server which allows multiple domain names obviously but not multiple IP
addresses. Or it probably costs more for that. Do you reckon SSL will
think it should work instead and what are the improvements
you see as well as the drawbacks?
Regards
Tino Wildenhain
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists
Peter Bengtsson schrieb:
Have you tried
https://user:[EMAIL PROTECTED]:port\folder\method..
?
On 1/25/06, José Carlos Senciales [EMAIL PROTECTED] wrote:
Hello,
I need to use XML-RPC to call some functions of a product in zope, but all
my xml-rpc conections
has user:[EMAIL
michael nt milne schrieb:
Cookie authentication can't be secure. Also I have my doubts about
http authentication. I'll check though. Basicallx you want really good
encryption on any logon and password etc.
You want ssl for all. There is no security if you have logon encrypted
in a stateless
martin f krafft schrieb:
Hi there,
...
I was thinking we could send data back to the browser, but I cannot
figure out a way to do this from a TTW Python script. How can I send
data immediately, not only when I 'return printed' after all the
processing is done. NPH or so, I believe this was
michael nt milne schrieb:
Yes I agree, having checked on basic http authentication I need SSL.
Basic http and cookie auth is insecure. I just feel that zope should
have this facility even with a self signed certificate, so that you
could do it without Apache and had more options. The option to
Sven Deichmann schrieb:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Oh well... no news is not always good news. I could also mean that PHP
is much more popular and under more surveillance while python is only
good known to professional crackers...
The problem is, that in this usecase we
Peter Bengtsson schrieb:
Suppose my code looks like this::
class MyProduct(Folder):
blablabla
print class MyProduct has just been reloaded
Then I start zope with ./bin/runzopt, debug-mode off, make a change in
the product and press the Refresh button in the Control_Panel and
notice
Richard Smith schrieb:
I gather that the problem whereby having more than one IMG submit on a
single form causes some browsers (IE but not firefox) problems is well
known. The problem is solved by using the positional attributes x,y in
a cgi script.
Pardon, but how do the x,y coordinates
Roman Klesel schrieb:
Hello again,
I just started with FS products and have trouble to figure some things out ...
From within zope I would like to call scripts that I provide in the product
folder on the file system like eg.:
handle = os.popen('gnuplot %s/bin/loadgraphs.gplt' %
michael nt milne schrieb:
Thanks for the advice. I'll have another look at the security settings
but this is undoubtedly an issue. The superuser password not working is
the main one etc. But ultimately my comments on usabiltity should be
taken on board because Zope security is overly
a broken useragent
(e.g. Internetexplorer) with horrible cache settings and did
view the authenticated page before.
Regards
Tino Wildenhain
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding
michael nt milne schrieb:
Sorry but this is not my experience and I have experimented. Am using
gmail basic setting which I like.
Be sure mailinglist people dont like it :-)
Actually it should not bee too hard to
1) create a role, lets call it Guests (in / )
2) create a user: guest (in
Mark Barratt schrieb:
michael nt milne wrote:
...
My other advice is to try not to touch ZMI security screens: if you're
using Plone you should try to set up the security you need in Plone as
Ah yes, things are a bit different when plone comes in. Then Plone
documentation should be
michael nt milne schrieb:
glad you've taken that on board :-) Over and out from me on this one as
well. By the way using the location/location directive is the way to
password protect using Apache on non directory based virtual hosts. It works
using the URL line rather than directory access.
Jonathan schrieb:
You can create a small utility external method to call dir() and type() - very
useful!
There are easier ways to shot yourself in the foot :-)
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No
Jonathan schrieb:
How would you shoot yourself?
dont you think these methods arent accessible from
ZMI code by purpose? :-)
Btw, for Properties and their types there are already
API methods. So no need to put holes into your site security.
Regards
Tino
Jonathan schrieb:
The idea of using an external method for dir/type is simply to allow a
developer to quickly investigate attributes/methods of objects - if you
are silly enough to actually incorporate this mechanism into
'production' code then you should shoot yourself.
And how did you
Allen Huang schrieb:
I want to make a web page that could handle mouse events. My primary goal is to do some image processing like zooming and panning on an image displayed and redisplay it on the same page. But I don't really know how to approach this and at the same time interacting with Zope
Floyd May schrieb:
On 2/10/06, Tino Wildenhain [EMAIL PROTECTED] wrote:
... maybe if there is a chapter about
image manipulation on the fly with PIL (python imaging lib)
I believe that Plone (or Plohn as it seems to be called by Zope people
;-) ) has some product(s) somewhere that make
Ron Bickers schrieb:
On Fri February 17 2006 05:19, Martijn Pieters wrote:
...
Ok. I thought it was reporting Apache for me before, but I don't recall for
sure. Does using mod_rewrite with [P] report the same?
Yes, and its working internally identically :-)
Apache as frontend proxy
Marc Schnapp schrieb:
If anyone here has the consulting expertise to help implement a
solution, please email me separately at m + schnapp + service + marc +
dot + com.
Its much easier as you might think. You dont even change Zope for this
if you are using apache as front end proxy via usual
Nicolas Georgakopoulos schrieb:
Hello Zopistas,
I need a little guidance for a site that must make image processing on
the fly.
Users should be able to upload image files and after some pixels
manipulation they should see the image preview after the changes and
download it.
You should be
Robert (Jamie) Munro schrieb:
How can I put something in a session from ZPT?
I've tried:
div tal:define=session/foo request/foo
div tal:define=foo python:session['foo']=request['foo']
Do I really have to write a python method just to assign a single value?
No you can use the method for all
LonLon schrieb:
Thanks for your suggestion jens, but my java applet is working outside
zope, it has no problem with mySQL database. Only when I integrate my
applet into zope, it can not take mySQL data anymore. That's why I
request suggestions here. I am still hoping somebody knows how to fix
Alric Aneron schrieb:
Hello,
I see I can only execute python functions in external methods.
Is there any way to execute the whole file, not just a certain
function? In linux I created a python script, and it doesn't have
functions. I just want to execute the whole file. I tried using self
Mark, Jonathan (Integic) schrieb:
Over at the Zope-Dev mailing list, Jim Fulton (the inventor of Zope) is
talking about a new line of software called Zed. It would consist of
those parts of Zope 3 which can be called independently of the
Zope/twisted server.
please be carefull on inventing of
Martin Koekenberg schrieb:
Hello,
Is it possible to use a DTML-In to display all DTML Documents in a
folder exept the one's with a centain value in a property ?
Example.
DTML Document one with property a=bc
DTML Document two with property a=de
DTML Document three with property a=bc
Now
Hugo Ramos schrieb:
Has any1 tried this before? Can you point me to some documentation?
What's your experience? is it true that not doing this the 4 cpu's
will not be 100% used?
I think these questions are very ZOPE RELATED since I asked them in a
Zope mailing list don't you think?
I'm
John Poltorak schrieb:
Is there such a thing as a repository of sample Zope Page Templates?
I don't mean sample code snippets but ZPT's that people use in real
websites.
What are you after? (X)HTML-Design? PTs arent rocket science. And in
the event they are, the author should rethink his
JulianRead schrieb:
Hi
I have created a zope / plone site which i have deployed on a dedicated
server using linux with fedora core 3.
I have installed zope as root as setup an instance of zope using a different
user.
I am trying to setup zope so that it will start automatically when the
Peter Bengtsson schrieb:
John Huttley wrote:
Hi,
What is the best way of handling CSS?
I've looked at ZStylesheets, but it is buggy and uses depreciated
functions that will not be available in 2.10.
I recommend a DTML Document as an upgrade to File objects.
If you use DTML you can
a)
Dario Lopez-Kästen schrieb:
...
The fact that the issue of the GIL is not more prominent in the Zope
worlds, I think is because relatively few zopistas are aware that there
is a problem; mostly, because not so many run multicpu-boxes in
production, and also because of attitude, I suppose:
David Pratt schrieb:
Anyone have any idea whether dynamic css via dtml will remain possible
as CMF gets more Z3'ish? Or will only possibility be overrides in css
itself.
What do you expect to change with Z3? Otoh, not using runtime-generated
CSS is usually a better approach anyway.
Regards
Tonico Strasser schrieb:
Tino Wildenhain schrieb:
... flexibility w/o slow and error prone full dynamic
stylesheets.
Plain text/css files are slow too if you don't cache 'em.
But you can, thats the whole point.
Regards
Tino
___
Zope maillist
Cyrille Bonnet wrote:
Hi there,
I have been telling all my clients about how great Zope is for security:
fine-grained permissions, security framework, roles, etc.
Now, one of my clients has a security expert who took a close look at
how Zope authenticates users. The results were not good.
Cyrille Bonnet wrote:
Hi Terry,
...
Sorry, I wasn't even aware that Zope stores the passwords in plain text.
My primary concern (for the moment) is passwords in plain text in the
request.
No it does not. The default userfolder stores passwords hashed.
Regards
Tino
Chris Withers schrieb:
...
what way? http basic auth is a standard. cookie auth isn't, and it's
always insecure no matter how you implement it
they are both equally insecure - while you can make the cookie
(as session auth) a little more secure - but after all its worth
nothing as long as you
Chris Withers schrieb:
Tino Wildenhain wrote:
Cyrille Bonnet wrote:
Hi Terry,
...
Sorry, I wasn't even aware that Zope stores the passwords in plain text.
My primary concern (for the moment) is passwords in plain text in the
request.
No it does not. The default userfolder stores
Jed Parsons wrote:
Oh, cool. That's kind of magical. :)
It looks like I can't get the RESPONSE that way, so if I want to do a
RESPONSE.setCookie(...) somewhere, I have to pass REQUEST and RESPONSE
as before, yes?
No, RESPONSE is a subobject of REQUEST - see python scripts as
an example
Mads Munch Hansen wrote:
Hi,
Since I installed Zope on my server Tomcat has stoped working, and I was
wondering if any of you knew of a solution. When I try to load the
management interface for TomCat, all I get is a blank page, the same
when I try to log into OpenXchange... I installed zope
Dean Hale schrieb:
Hi,
I hope this is the correct forum to add this query, and any help
appreciated.
I have the following zpt which pulls in the users userid - $uid and some
text generated from a python script (myEV - $pass). It works fine
however i need to pass the variables along in a
Dennis Allison wrote:
Too many and too hard to remember where they are. I have writen a
FindAndApply external method that uses reloadIfChanged().
Well if too many, why not go to full external products?
Regards
Tino
___
Zope maillist -
201 - 300 of 522 matches
Mail list logo