Shane Hathaway wrote:
[...] PDV just yields information you might give out anyway. But maybe we could deal with it anyway by writing an "error.log" instead of sending the traceback to the browser. What do you think?
I think it's fine, but only if specified on the z2.py cmdline or other configuration equivalent (--paranoid or PARANOID="yes, please!" come to mind :-). But I guess that goes without saying. Alternatively (or concurrently) we could reformat the traceback to report file names relative to Zope instalation directory (or to INSTANCE_HOME) instead of reporting the absolute filename. In this case the only leaked information is of the kind an attacker could easily obtain from downloading Zope source code, which, last time I looked, was available for all those damned script kiddies to download. Damn these opensource projects who keep posting their source code allowing Hackers(TM) to look at its vulnerabilities :-) Cheers, Leo