[Zope] Two or three things about Zope 5

Jens Vagelpohl jens at netz.ooo
Thu May 6 15:51:45 GMT 2021


Hi Giampiero,

1. Hiding the original exception is done by the waitress WSGI server Zope uses, not Zope itself. Allowing tracebacks to show in the browser leads to an information disclosure vulnerability. You can use the expose_tracebacks argument to waitress by adding it to your WSGI configuration .ini file in the section for the server:

[server:main]
...
expose_tracebacks = True.

Don’t do this for a production site, though. The “minimalistic” error page is there for security reasons.

2. As Jürgen mentioned, https://zope.readthedocs.io/en/latest/zopebook/Sessions.html#alternative-server-side-session-backends-for-zope-4 has more information about using sessions in Zope.

3. Instead of doing a separate EXPORT in your shell when starting Zope you can edit your Zope configuration file and add an environment section like this:

<environment>
    TZ Europe/Rome
</environment>

jens



> On 4. May 2021, at 16:24 , Giampiero Benvenuti <giampiero.benvenuti at chiaroscuro.com> wrote:
> 
> Hi there,
> 
> first of all, I want to thanks all the people who works on the project “5”.
> Second, please bear with me while I try to communicate my failures with the "5”.
> I was able to install zope5.1.2 on my mac and also on opalstack.com with the help of Sean. It looks great! The Chameleon Editor works fine and so almost all the products I would need.
> So far, the only issues I have with it are the errors expressions and the Session Data Manager.
> 1. When in some script I do some typo like “reuest” instead or “request” I get the error “Internal Server Error The server encountered an unexpected internal server error (generated by waitress)”
> Question: can I have a better and less “minimalistic” error expressions, something more “friendly”?
> 2. Yeah! Session Data Manager: "Sessioning is currently disabled because the session data container path setting is invalid. Please enter the path to a valid session data container object.”. What can I do bout it?
> 3. Sorry, I forgot about this: zone time. In zope 2.xx I used to set the local/zone time in this way: in instance/bin/runzope: export TZ=Europe/Rome. How do I fix it in zope5?
> 
> Thanks you all for your work and help,
> 
> —giampiero
> 
> _______________________________________________
> Zope maillist  -  Zope at zope.org
> https://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
> https://mail.zope.org/mailman/listinfo/zope-announce
> https://mail.zope.org/mailman/listinfo/zope-dev )

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://mail.zope.org/pipermail/zope/attachments/20210506/c64f944e/attachment.sig>


More information about the Zope mailing list