[Zope] *Designing* Zope sites

BZ bz@bwanazulia.com
Wed, 19 Sep 2001 23:57:38 -0400


Wow.... did I really send this? :)

Truthfully, I started writing this MONTHS ago and never got the 
chance to finish it (was in response to something from 3/7/01). I was 
cleaning up some old emails and it must have been sent. Might as well 
finish it.

A case for lowercase:

The lowercase thing is certainly personal preference. The idea behind 
it is as a developer and coder it is hard enough trying to remember 
what things were named without having to figure out the 
capitalization scheme. Having said that though, I would amend it by 
saying to keep things lowercase that public (files, folders, image 
names) but for things that are private (Python Scripts, DTML Methods, 
SQL Methods) using a little capitalization can set them apart from 
everything else and make them easier to find.

Zope Security:

Zope security is both simple and complex. It is simple to open up a 
folder to allow people to post images but it might not be the best 
way and could open up more than you wanted (like posting WareZ). The 
hardest part of security is trying to hack your own security to 
figure out how someone else will hack it (kind of like reading what 
you have written). As a general rule I would keep the default 
security of Zope objects and change it very very slowly and 
carefully. I would write down what and where you changed it and do so 
on a step by step process. You might also want to ask the mailing 
list a question or two before doing so or at least have a friend try 
to break in.

Maybe someday I will write the rest of this "thing" which is starting 
to look like an article.... too bad the Monthly Zope magazine is not 
knocking down my door... (no, it does not exist!).

Cheers,
BZ

At 11:44 PM -0400 9/19/01, Trevor Toenjes wrote:
>Great feedback.  As a newbie to development, not just Zope, your comments
>are appreciated.  (and refreshing)
>I do have some follow-up curiosity Q's.
>
>>  - Do some things just the way you would with any old server. I still
>>  use /images/ for a place to put all my images and still reference
>>  them in html. I still name pages ".html", keep everything lowercase
>>  and use names for folders that make sense.
>I have wondered if this makes the best sense with the world being .html
>oriented.
>Is this really a usability issue?  everything with zope looks like it is
>coming from a folder, which eliminates the need from users to remember
>.asp,.htm,.htm,.cfm
>But doesnt this look confusing if you apply a method to an object(zClass)
>and get zope/folder/adocument.html/amethod.html??  or can you avoid this?
>Do you have other reasons for this?
>
>I havent implemented "keep everything lowercase", which HAS caused usability
>problems when users try to go to a case sensitive page directly.
>Can mod_rewrite fix this by trying to find all lower or upper case
>iterations of an URL?  An experienced developer that helps me couldnt figure
>this out.
>
>
>>  - Spend extra time learning Zope security. If you don't it will bite
>>  you in the end (your end).
>okay.  like I said, I am new to this. briefly, what are the security issues
>with zope, and what is the easiest way for someone to break your Zope
>maliciously?
>Any examples you could share?
>
>Thanks,
>-Trevor
>
>
>
>>  -----Original Message-----
>>  From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of BZ
>>  Sent: Wednesday, September 19, 2001 11:07 PM
>>  To: Joel Burton; zope@zope.org
>>  Subject: Re: [Zope] *Designing* Zope sites
>>
>>
>>  Ok... so I will step up to the bat.... with what I have learned (and
>>  throw it into a how-to on Zope.org)
>>
>>  After building, maintaining and rebuilding over 10 sites with Zope of
>>  all different varieties here is some of what I have learned (in a pea
>>  pod shell)
>>
>>  - Get to know and love standard_html_header and standard_html_footer
>>  they will make your life much easier if you can decide what stuff to
>>  put in them and what stuff to leave out. Navigation is good, site
>>  table templates are good. Anything that is page specific is not so
>  > good.
>>
>>  - Do some things just the way you would with any old server. I still
>>  use /images/ for a place to put all my images and still reference
>>  them in html. I still name pages ".html", keep everything lowercase
>>  and use names for folders that make sense.
>>
>>  - I find that hosting more sites out of one Zope installation,
>>  leaving some dependencies on products is a much better way to go and
>>  much easier to maintain in the end.
>>
>>  - Use versions. They are easy, fun and powerful. You can play with a
>>  live site to your hearts content without ever breaking it.
>>
>>  - Use Zope products with a little caution. There are a ton of
>>  products that do a lot of things but not all of them are still
>>  supported nor have been tested with the newer releases of Zope. Look
>>  at date of the last distribution to see when they updated it. Also,
>>  if it is says beta, know that it probably is for a reason. Email the
>>  developer and ask.
>>
>>  - Spend extra time learning Zope security. If you don't it will bite
>>  you in the end (your end).
>>
>>  -
>>
>>
>>  At 11:17 AM -0500 3/7/01, Joel Burton wrote:
>>  >I've been learning about the workings of Zope: ZClasses, ZSQL methods,
>>  >Python products, etc., and there are *lots* of resources about the APIs,
>>  >and lots of products to add content to our sites.
>>  >
>>  >There is also lots of help on how to *set up* a Zope site: how to tie
>>  >w/Apache, etc.
>>  >
>>  >What I haven't found yet, though, is much advice on how to *design* the
>>  >Zope site:
>>  >
>>  >  . effective ways to use User Folders
>>  >
>>  >  . whether to make containing folders for like objects (eg book
>>  reviews),
>>  >and collect these for lists with objectValues, or whether to add them
>>  >under user folders/different contexts, and use ZCatalog searches to find
>>  >them.
>>  >
>>  >  . how to handle printable pages throughout a site
>>  >
>>  >  . strategies for using ZSQL methods throughout a site
>>  >
>>  >and so on
>>  >
>>  >The Zope book tosses some nuggets of advice here and there, but doesn't
>>  >build up a site, so we don't really get to see the workings of a talented
>>  >Zope architect. Other documentation focuses on how to Do Things, like use
>>  >SQL methods, or how to build products.
>>  >
>>  >I've had a little bit of time to look at the CMF, and that has some
>>  >structure about reviewing, etc. (and seems to advocate the 'place things
>>  >in user folders, use ZCatalog to find' method); however, I'm not
>>  designing
>>  >something that seems so portal-ish, and this seems like a hegemonic
>>  >solution to a design question.
>>  >
>>  >So:
>>  >
>>  >Am I missing any resources on fitting it all together?
>>  >
>>  >Are there 'example sites' that someone could describe?
>>  >
>>  >Would anyone with a well-designed site be willing to export it all up and
>>  >post it somewhere, so we could explore it?
>>  >
>>  >Or are there other ways of starting this learning path?
>>  >
>>  >--
>>  >Joel Burton   <jburton@scw.org>
>>  >Director of Information Systems, Support Center of Washington
>>  >
>>  >
>>  >_______________________________________________
>>  >Zope maillist  -  Zope@zope.org
>>  >http://lists.zope.org/mailman/listinfo/zope
>>  >**   No cross posts or HTML encoding!  **
>>  >(Related lists -
>>  >  http://lists.zope.org/mailman/listinfo/zope-announce
>>  >  http://lists.zope.org/mailman/listinfo/zope-dev )
>>
>>
>>  _______________________________________________
>>  Zope maillist  -  Zope@zope.org
>>  http://lists.zope.org/mailman/listinfo/zope
>>  **   No cross posts or HTML encoding!  **
>>  (Related lists -
>>   http://lists.zope.org/mailman/listinfo/zope-announce
>>   http://lists.zope.org/mailman/listinfo/zope-dev )