[Grok-dev] UPDATE recently created projects to 0.14.1

Sebastian Ware sebastian at urbantalk.se
Tue Dec 16 03:23:07 EST 2008


Being the devil's advocate, if I am excused. This feels like a
Microsoftesque solution. Would be a lot nicer if I could query my Grok
installation from a command-line or dashboard-like interface.

   the.url.com:port Grok 0.14 *** Security alert ***
   other.url.com:port Grok 0.14.1 Ok
   another.url.com:port Grok 0.12.1 *** Security alert ***

That way one could have a consolidated view, minimising the risk of  
missing an app. Having to enter each admin application page as "the  
default way" to check this seems a bit cumbersome and prone to  
oversight (the mother of all security holes).

Best regards, Sebastian

On 16 Dec 2008, at 01:26, Martijn Faassen wrote:

> Hey,
>
> Great that people want to work on this!
>
> +1 to a phone home feature that reports in a prominent place in the
> admin UI
>
> +1 to Brandon's idea that the phone home feature should simply look
> for a '0.14.1.security' file in our regular release info place (or
> something like that) and just use that security message. Message
> should be plain text and not HTML interpolated with 'structure' to
> avoid insertion attacks.
>
> -1 to adding another question to grokproject. I think this should ask
> as few questions as possible and I think we can do the right thing
> without grokproject being involved.
>
> +1 to a setting in the admin UI to turn this on or off
>
> +1 to this setting being "off" by default
>
> +1 to a feature in the admin UI that sends people off to some
> configuration screen/wizard the first time they ever enter the admin
> UI. Simply store a flag in the ZODB when people have set it. Possibly
> some mechanism that also records version number or something like
> that, so that future versions of the admin UI can send the user back
> in case of an important new security setting.
>
> It's important that the admin UI will not hang or something like that
> while phoning home when the computer is not online. It should
> therefore fail quickly.
>
> I think that's enough functionality to make sure that people who
> *want* to be notified will be notified and also have a chance to learn
> about the notification feature.
>
> Regards,
>
> Martijn
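An added example, not part of the original thread and not Grok's own code: a Python sketch of the check discussed above, which looks for a `<version>.security` file, fails quickly when offline, escapes the notice so it is shown as plain text, and prints the consolidated one-line-per-installation view. The base URL, the function names, the "Unknown" label and the hand-kept inventory of (address, version) pairs are assumptions.

```python
import html
import urllib.error
import urllib.parse
import urllib.request

# Assumption: placeholder URL; the thread only says "our regular release info place".
RELEASE_INFO_URL = "https://releases.example.invalid/grok/"
MAX_NOTICE_BYTES = 4096  # cap what we read from the remote file
LABELS = {"alert": "*** Security alert ***", "ok": "Ok", "unknown": "Unknown (check failed)"}


def http_fetch(url, timeout=3.0):
    """Return the body at url, or None when no such file exists (HTTP 404)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.read(MAX_NOTICE_BYTES)
    except urllib.error.HTTPError as exc:
        if exc.code == 404:
            return None
        raise


def check_version(version, fetch=http_fetch):
    """Return (status, notice) where status is 'alert', 'ok' or 'unknown'."""
    url = RELEASE_INFO_URL + urllib.parse.quote(version, safe="") + ".security"
    try:
        body = fetch(url)
    except OSError:  # offline, DNS failure, timeout, HTTP error: fail quickly
        return ("unknown", "")
    if body is None:
        return ("ok", "")
    return ("alert", body.decode("utf-8", errors="replace").strip())


def render_notice(notice):
    """Escape the notice so the admin page shows it as text, never as markup."""
    return "<pre>" + html.escape(notice) + "</pre>"


def consolidated_report(installations, fetch=http_fetch):
    """installations: (host:port, version) pairs from a hand-kept inventory."""
    lines = []
    for address, version in installations:
        status, _notice = check_version(version, fetch)
        lines.append(f"{address} Grok {version} {LABELS[status]}")
    return lines
```
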


