[Zope] standard_error_message woes!

Chris Withers chrisw@nipltd.com
Sat, 23 Dec 2000 12:09:37 -0000


> I think this is because these are standard error codes
> that have to do with the web server and they must work
> even if the object database doesn't.
>
> There must be a more detailed reason why these errors
> aren't connected to the db, but someone else will have
> to answer that one. :)

This keeps on coming up. It's because certain errors aren't processed as you
would expect. For example, try putting a space in a URL going to a Zope
server. You get a very horrible error, probably from Medusa... yurch!

What you're experiencing is something similar. Most errors do go to the
nearest standard_error_message, but there are a load of errors (security
ones being the most notable) that just return the hard-coded error message,
which isn't very nice :-(

There was talk of fixing this a while back but nothing happened...

Chris

PS: almost related, have you noticed how there's no way you can prevent Zope
(other than hacking the source) from tacking the error message on the end of
the HTML stream, even in production mode? Not only does this produce badly
formed HTML, but it gives out way more information than it should to someone
potentially looking to hack your site...