[Zope3-dev] Fatal Python error: can't initialize module MultiMapping when access "++apidoc++/Class/menu.html"

Fred Drake fdrake at gmail.com
Mon Nov 29 10:28:32 EST 2004


On Mon, 29 Nov 2004 09:32:46 -0500, Jim Fulton <jim at zope.com> wrote:
> The point is that causing modules to be imported from the web is a
> security hole waiting to happen.

Yes, so apidoc should be disabled on production sites.  Site visitors
have no business accessing apidoc anyway.

> Why would apidoc want to document a module that hasn't been imported?
> Presumably, such a module isn't being used by the system.  If it
> was, it would be in sys.modules.

Maybe.  Not all modules are imported early.  Some may not be imported
until after particular content has been loaded from the database, or
after some method has been called.

For an API reference, it should be possible to look at whatever's
available, not just what's already in use.  A developer uses API
documentation while working on the code, so things that are available
but not used in the current process should be included as well; they
may well be used when the server is restarted, or the developer may
decide not to use them on the basis of the documentation.

This is a tradeoff related to using dynamically-discovered embedded
documentation (at least in Python); without this, we should consider
more traditional static reference documentation.

Using apidoc has the advantage of making ZCML-based connections more
discoverable, and honors the sys.path setting established in
zope.conf.  The matter of security tradeoffs should be made clear in
the documentation somewhere, but I think that's all.  Documentation
should be clear that apidoc should be disabled on a production server
for this very reason.


  -Fred

-- 
Fred L. Drake, Jr.    <fdrake at gmail.com>
Zope Corporation
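The security point argued in the message above, shown as an added, stand-alone example (this is illustrative code written for this page, not Zope's apidoc or any code from the thread). A documentation view that imports whatever module name a URL names will execute that module's import-time code on behalf of an anonymous visitor, for any module reachable through sys.path. The alternative Jim describes (only describe modules already in sys.modules) and the one Fred describes (switch the view off in production) are both modelled. The `demo_*` modules, the `RecordingFinder`, and the `serve` request shim are all constructed for this example.

```python
import importlib
import importlib.abc
import importlib.util
import sys


class RecordingFinder(importlib.abc.MetaPathFinder, importlib.abc.Loader):
    """Constructed stand-in for modules that happen to be on sys.path.

    Any name starting with 'demo_' is importable, and executing it is
    recorded so a test can tell whether a web request caused code to run.
    In a real deployment the equivalent is any package on the zope.conf
    sys.path, including extensions with failing or dangerous init code.
    """

    def __init__(self):
        self.executed = []

    def find_spec(self, fullname, path=None, target=None):
        if fullname.startswith("demo_"):
            return importlib.util.spec_from_loader(fullname, self)
        return None

    def create_module(self, spec):
        return None  # use the default module object

    def exec_module(self, module):
        # This is the import-time side effect a visitor should never trigger
        # (think: C extension initialisation, file writes, network calls).
        self.executed.append(module.__name__)
        module.__doc__ = "API docs for " + module.__name__


FINDER = RecordingFinder()
sys.meta_path.insert(0, FINDER)


def naive_apidoc(module_name):
    """Vulnerable pattern: the module named in the request path is imported
    on demand, so the visitor chooses what code runs in the server."""
    return importlib.import_module(module_name).__doc__


def guarded_apidoc(module_name, enabled):
    """Two containments from the thread: only describe modules that the
    process has already loaded (never import), and refuse entirely when the
    view is disabled, as it should be on a production server."""
    if not enabled:
        raise PermissionError("apidoc is disabled on this server")
    module = sys.modules.get(module_name)
    if module is None:
        raise LookupError(f"{module_name} is not loaded, so it is not documented")
    return module.__doc__


def serve(handler, module_name, **kwargs):
    """Hypothetical request shim: map a handler's outcome to (status, body)
    the way a web view would, instead of raising."""
    try:
        return 200, handler(module_name, **kwargs)
    except PermissionError as exc:
        return 403, str(exc)
    except (LookupError, ImportError) as exc:
        return 404, str(exc)


if __name__ == "__main__":
    # A visitor requesting /++apidoc++/Module/demo_alpha against the naive
    # view executes demo_alpha's import-time code.
    print(serve(naive_apidoc, "demo_alpha"), FINDER.executed)
    # The guarded view documents it now only because it is already loaded,
    # will not load demo_beta, and refuses everything when disabled.
    print(serve(guarded_apidoc, "demo_beta", enabled=True), FINDER.executed)
    print(serve(guarded_apidoc, "demo_alpha", enabled=False))
```

The tradeoff Fred raises is visible in the guarded version: a module that is installed but not yet imported gets a 404 rather than documentation, which is why he argues the honest answer is to document the exposure and disable the view on production servers rather than weaken what it can show to developers.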

