[Zope-dev] Re: [Zope] insecure XML-RPC handling.

Eron Lloyd lloyd@lancaster.lib.pa.us
Tue, 2 Apr 2002 16:01:41 -0500


The problem here seems to be that you are trying to do XML-RPC communication 
with a version of Zope that doesn't support XML-RPC out of the box. You 
should use a version >= 2.4.0 to get this to work. From the output you sent 
below, it looks like you're trying to invoke an RPC method call against 
Zope.org? As far as I can tell, Zope.org (for some odd reason) is STILL 
running on that very same version -> Zope/Zope 2.3.2 (source release, python 
1.5.2, linux2) ZServer/1.1b1 on Linux, so is not XML-RPC enabled, either. 
Trying to invoke a request will return a site error.

On that thought, I'd like to see Zope.org become much more modern, and 
reflect the *latest* and *greatest* functionality of Zope. Deprecation of the 
hybrid PTK that's used, as well as updating and polishing of the site 
regularly. In fact, I'd like to see more of a portal feel to it, that's both 
personalized and customized to my needs. For instance, log into my account, 
download 2.5.1b1, come back a week later and here's a big notice that beta2 
is available for *my* setup. Also, can we see some Web services? Imagine, in 
the management interface, and visiting the Control Panel. There is an 
"Update" tab, which when loaded queries zope.org with the XML-RPC method
"zope.webservices.getUpdates(my_install)", which passes in my server's 
version, installed products, etc. and lists updates, hotfixes, and other 
notices. With the flexibility and dynamic runtime nature of Python, I wonder 
how hard it would be to update a running server.

Anybody working on this or interested in seeing this kind of feature? I 
envision something along the lines of Redhat Network, WindowsUpdate, or 
Ximian Red Carpet. When visiting Zope.org, this information would be updated, 
so users would have profiles that store this data. This could be a great 
start to get new.zope.org up and running. Sounds like I'm volunteering myself 
if it creates a large demand... :^)

Eron

On Tuesday 02 April 2002 02:33 pm, Rossen Raykov wrote:
> Zope is not handling correct XML-RPC request.
>
> Even the example from http://www.zope.org/Members/Amos/XML-RPC is not
> working.
>
> Even worse, if a request like the one in the quoted example is sent to the
> web server it will report information about the local server installation
> and the internal network.
>
> Included are a request and response to www.zope.org.
>
> As one may see the server is installed in
> /usr/local/base/Zope-2.3.2-modified/
> and it relies on 10.0.11.3:1380 for request processing.
>
> All this may be useful debug information but it is not acceptable for a
> production server!
>
> I'm not familiar with Zope and I cannot say whether it is only a
> configuration problem or a problem in the code.
>
> I do not have time to investigate that but a similar result may be achieved
> with the distribution offered for download.
>
> Please let me know if I have to send this bug information to someone else.
>
> I would like to be informed when this issue is resolved so I can
> announce it on Bug-Traq.
>
> Regards,
> Rossen Raykov
>
> <cut here>
> $ telnet www.zope.org 80
> Trying 63.102.49.33...
> Connected to www.zope.org.
> Escape character is '^]'.
> POST /Foo/Bar/MyFolder HTTP/1.0
> Content-Type: text/xml
> Content-length: 95
>
> <?xml version="1.0"?>
> <methodCall>
>  <methodName>objectIds</methodName>
>  <params/>
> </methodCall>
>
>
> HTTP/1.0 500 Internal Server Error
> Server: Zope/Zope 2.3.2 (source release, python 1.5.2, linux2)
> ZServer/1.1b1 Date: Sat, 23 Mar 2002 03:09:14 GMT
> Bobo-Exception-File:
> /var/tmp/python/python-root/usr/lib/python1.5/xmllib.py Content-Type:
> text/html
> Bobo-Exception-Type: RuntimeError
> Bobo-Exception-Value: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0
> Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd"<HTML>
> <HEAD <TITLE>Welcometo Zope.org</TITLE  <link rel="stylesheet"
> href="http://10.0.11.3:1380/zope_css" type="text/css"   </HEAD  <BOD
> Content-Length: 6864
> Bobo-Exception-Line: 748
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
> "http://www.w3.org/TR/REC-html40/loose.dtd">
> <HTML>
>  <HEAD>
>  <TITLE>Welcome to Zope.org</TITLE>
>   <link rel="stylesheet" href="http://10.0.11.3:1380/zope_css"
> type="text/css">
>
>   </HEAD>
>
>
> <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#000066" VLINK="#606060"
> TOPMARGIN="0" LEFTMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">
>  <BASEFONT FACE="Verdana, Arial, Helvetica, sans-serif" SIZE="2">
>
>    <TABLE BORDER="0" CELLPADDING="0" CELLSPACING="0" >
>    <TR>
>     <TD WIDTH="10" BGCOLOR="#6699cc" ALIGN=CENTER>&nbsp;</TD>
>     <TD COLSPAN="2" BGCOLOR="#6699CC" VALIGN="TOP" WIDTH="165"><A
> HREF="/"><IMGSRC="/Images/zopecom.gif" ALT="Zope" ALIGN="ABSMIDDLE"
> WIDTH="150" HEIGHT="63" BORDER="0"></A></TD>
>     <TD BGCOLOR="#6699CC" VALIGN="TOP" ALIGN="RIGHT" xWIDTH="99%"
> CLASS="welcome">
>      <p class="welcome">
>       <a class="globalmenu" href="http://www.zope.com">Business
> Services</A>
>
>       | <A CLASS="globalmenu" HREF="/SiteIndex/searchForm">Search</A>
>       | <a CLASS="globalmenu" href="/Products">Download</a>
>       | <a CLASS="globalmenu" href="/Documentation">Documentation</a>
>       | <a CLASS="globalmenu" href="/Resources">Resources</a>
>       | <a class="globalmenu" href="http://dev.zope.org">Development</a>
>
>             <BR>
>
>
>       <FORM ACTION="/SiteIndex/search" METHOD="GET" name="search">
>       Search
>         <INPUT TYPE="text" NAME="text_content" SIZE="15">
>         &nbsp;
>         <INPUT TYPE="IMAGE" SRC="/Images/go.gif" ALT="Go Button!"
> ALIGN="ABSMIDDLE" BORDER="0" WIDTH="20" HEIGHT="20">
>     </FORM>
>      </p>
>     </TD>
>     <TD WIDTH="10" BGCOLOR="#6699CC" ALIGN="RIGHT" VALIGN="BOTTOM"><IMG
> SRC="/Images/blue-rounder1.gif" WIDTH="14" HEIGHT="20" BORDER="0"></TD>
>    </TR>
>
>    <TR>
>     <TD WIDTH="10" BGCOLOR="#6699cc">&nbsp;</td>
>
>
>     <TD WIDTH="150" BGCOLOR="#6699CC" VALIGN=TOP>
>            <H2 CLASS="lefttitle">&nbsp;Guest</H2>
>       <p class="sidemenu">
>        <A CLASS="sidemenu" HREF="/Register/register.html">Join Zope.org</A>
>        <BR>
>        <A CLASS="sidemenu"
> HREF="/login.html?came_from=http://10.0.11.3:1380">Log in</A>
>           </p>
>
>
>
>      <HR NOSHADE SIZE="0.5" WIDTH="95%">
>
> <H2 CLASS="lefttitle">&nbsp;Zope Exits</H2>
>      <p class="sidemenu">
>   <A CLASS="sidemenu" HREF="http://dev.zope.org/">dev.zope.org</A><BR>
>   <A CLASS="sidemenu" HREF="http://cmf.zope.org/">CMF Dogbowl</A><BR>
>   <A CLASS="sidemenu" HREF="http://collector.zope.org/Zope">Zope
> Collector</A><BR>
>   <A CLASS="sidemenu" HREF="http://cvs.zope.org/">Zope CVS</A><BR>
>   <A CLASS="sidemenu" HREF="http://www.zopezen.org/">ZopeZen</A><BR>
>   <A CLASS="sidemenu" HREF="http://www.zopenewbies.net/">Zope
> Newbies</A><BR>
>   <a class="sidemenu" href="http://www.zopelabs.com/">Zope Labs</a><br />
>   <A CLASS="sidemenu" HREF="http://www.eurozope.org/">EuroZope</A><BR>
>   <A CLASS="sidemenu" HREF="http://www.zopera.org/">Zopera</A><BR>
>   <A CLASS="sidemenu" HREF="http://zdp.zope.org">ZDP</A><BR>
>   <A CLASS="sidemenu" HREF="http://www.freezope.org">FreeZope</A><BR>
>   <a CLASS="sidemenu" href="http://www.nipltd.net/Free">NIP Free Zope
> Hosting</a>
>
>      </p>
>      <HR NOSHADE SIZE="0.5" WIDTH="95%">
>
> <p><a href="http://www.amazon.com/exec/obidos/ASIN/0735711372/zopeorg-20">
> <img src="http://www.zope.org/Images/zopebook.png" alt="The Zope Book"
> height="140" width="109" border="0" /></a>
> </p>
>
>
> <p><a href="http://python.org/" alt="Python Powered!" ><img
> src="http://www.zope.org/Images/python.gif" border="0"></a></p>
>     </TD>
>     <TD COLSPAN="2" VALIGN=TOP>
>      <table cellpadding="10" cellspacing="0" border="0" width="100%">
>       <tr valign="top">
>        <td>
>
>
>
>
> <TABLE BORDER="0" WIDTH="100%">
> <TR>
>   <TD WIDTH="10%" ALIGN="CENTER">
>   <STRONG><FONT SIZE="+6" COLOR="#77003B">!</FONT></STRONG>
>   </TD>
>   <TD WIDTH="90%"><BR>
>   <FONT SIZE="+2">System Unavailable</FONT>
>   <P>This site is currently experiencing technical difficulties.
> Please contact the site administrator for more information.  For
> additional technical information, please refer to the HTML source for this
> page.  Thank you for your patience.</P>
>   </TD>
> </TR>
> </TABLE>
> <pre>
>  Error type:  RuntimeError
>  Error value: Syntax error at line 5: bogus `<'
> </pre>
> <p align="center">
> <form>
> <input type="button" value="More Information..."
> onClick='window.location = "view-source:" + window.location.href'>
> </form>
> </p>
>
>       </td>
>      </tr>
>     </table>
>
>
>    </TD>
>    <TD WIDTH="10" ALIGN=CENTER>&nbsp;</TD>
>   </TR>
>   <TR><TD WIDTH="10" BGCOLOR="#6699cc"ALIGN=CENTER>&nbsp;</TD>
>    <TD WIDTH="150" BGCOLOR="#6699CC" ALIGN=RIGHT VALIGN=BOTTOM><IMG
> SRC="/Images/blue-rounder2.gif" WIDTH="142" HEIGHT="20" BORDER="0"
> ALT=""></TD>
>    <TD COLSPAN="2" ALIGN=CENTER CLASS="plain"><HR NOSHADE SIZE="0"
> WIDTH="95%">
>     <a href="/privacy.html">Privacy policy</a>
> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
>
>        <A HREF="http://10.0.11.3:1380?pp=1">Printable Page</A>
> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
>
>            <A
> HREF="/Members//feedback_form?came_from=http://10.0.11.3:1380">Feedback to
> this page's author</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
>
>    <A
> HREF="http://10.0.11.3:1380/feedback_site_form?whats_up=Welcome%20to%20Zope
>. org&origin_url=http://10.0.11.3:1380">Feedback about Zope.org</A>
>
>           &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<A
> HREF="http://10.0.11.3:1380/view_source">DTML Source</A>
>
>        </TD>
>    <TD WIDTH="10" ALIGN=CENTER>&nbsp;</TD>
>   </TR>
>   <TR>
>    <TD WIDTH="10">&nbsp;</TD>
>    <TD WIDTH="150">
>    <p style="font-size: 60%; color: #cfcfcf;">served by app2</p></TD>
>    <TD WIDTH="150">&nbsp;</TD>
>    <TD>&nbsp;</TD>
>    <TD WIDTH="10">&nbsp;</TD>
>   </TR>
>  </TABLE>
>
>
>  <P CLASS="copyright">&copy; 2002
> <a href="http://www.zope.com/">Zope Corporation</aAll rights reserved.</P>
>
> </BODY>
> </HTML>
>
> <!--
> Traceback (innermost last):
>   File
> /usr/local/base/Zope-2.3.2-modified/lib/python/ZPublisher/Publish.py, line
> 223, in publish_module
>   File
> /usr/local/base/Zope-2.3.2-modified/lib/python/ZPublisher/Publish.py, line
> 187, in publish
>   File /usr/local/base/Zope-2.3.2-modified/lib/python/Zope/__init__.py,
> line 221, in zpublisher_exception_hook
>    (Object: ApplicationDefaultPermissions)
>   File
> /usr/local/base/Zope-2.3.2-modified/lib/python/ZPublisher/Publish.py, line
> 136, in publish
>   File
> /usr/local/base/Zope-2.3.2-modified/lib/python/ZPublisher/HTTPRequest.py,
> line 414, in processInputs
>   File /usr/local/base/Zope-2.3.2-modified/lib/python/ZPublisher/xmlrpc.py,
> line 120, in parse_input
>   File /usr/local/base/Zope-2.3.2-modified/lib/python/xmlrpclib.py, line
> 531, in loads
>   File /var/tmp/python/python-root/usr/lib/python1.5/xmllib.py, line 153,
> in close
>   File /var/tmp/python/python-root/usr/lib/python1.5/xmllib.py, line 365,
> in goahead
>   File /var/tmp/python/python-root/usr/lib/python1.5/xmllib.py, line 748,
> in syntax_error
> RuntimeError: (see above)
>
> -->
> Connection closed by foreign host.
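
Added example, not part of either message or of Zope's own code: a check that can be run over error responses from a server you operate to flag the kinds of disclosure reported above (Bobo-Exception-* headers, a versioned Server banner, RFC 1918 addresses, Python tracebacks and source paths). The sample response is constructed from trimmed lines of the quoted output; `find_leaks` and the pattern names are hypothetical.

```python
import re

# Constructed sample: trimmed lines from the response quoted in the thread.
SAMPLE_RESPONSE = (
    "HTTP/1.0 500 Internal Server Error\r\n"
    "Server: Zope/Zope 2.3.2 (source release, python 1.5.2, linux2) ZServer/1.1b1\r\n"
    "Bobo-Exception-File: /var/tmp/python/python-root/usr/lib/python1.5/xmllib.py\r\n"
    "Bobo-Exception-Type: RuntimeError\r\n"
    "Bobo-Exception-Line: 748\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<HTML><link rel="stylesheet" href="http://10.0.11.3:1380/zope_css">\n'
    "<!--\nTraceback (innermost last):\n"
    "  File /usr/local/base/Zope-2.3.2-modified/lib/python/ZPublisher/Publish.py,"
    " line 223, in publish_module\n"
    "RuntimeError: (see above)\n-->\n</HTML>\n"
)

# RFC 1918 private ranges: 10/8, 172.16/12, 192.168/16.
PRIVATE_IP = re.compile(
    r"\b(?:10(?:\.\d{1,3}){3}|192\.168(?:\.\d{1,3}){2}"
    r"|172\.(?:1[6-9]|2\d|3[01])(?:\.\d{1,3}){2})\b")
# Python 1.5 printed "innermost last"; later versions "most recent call last".
TRACEBACK = re.compile(r"Traceback \((?:innermost|most recent call) last\):")
SOURCE_PATH = re.compile(r"(?:/[\w.\-]+)+\.py\b")

def find_leaks(raw):
    """Return a sorted list of (kind, value) findings for one raw HTTP response."""
    head, _, body = raw.partition("\r\n\r\n")
    findings = set()
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        lname = name.strip().lower()
        if lname.startswith("bobo-exception-"):
            findings.add(("exception-header", name.strip()))
        elif lname == "server" and re.search(r"\d+\.\d+", value):
            findings.add(("version-banner", value.strip()))
    for ip in PRIVATE_IP.findall(raw):           # headers and body alike
        findings.add(("internal-address", ip))
    if TRACEBACK.search(body):
        findings.add(("traceback", "python traceback in body"))
    for path in SOURCE_PATH.findall(raw):
        findings.add(("source-path", path))
    return sorted(findings)

if __name__ == "__main__":
    for kind, value in find_leaks(SAMPLE_RESPONSE):
        print("%-17s %s" % (kind, value))
```

An empty result from `find_leaks` for every error path (malformed XML-RPC body, unknown URL, bad method) is a reasonable release gate for a production front end.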