Romain Slootmaekers wrote:
This is a pain, Xron tries to invoke the actions from the front side of zope, ie by issuing a HTTP request. since we use a Zope+Apache http&https setup, we just hacked Xron to rewrite the urls to http://127.0.0.1:8080/......
Another problem of Xron using standard http access is that you can't use authentication -- at least I could not figure out, how to add a user name and password to the http request issued by Xron. Ok, restricting access to localhost for the "page" requested by Xron can perhaps close this security hole in many circumstances, but while playing with Xron I felt a bit uncomfortable imagining that a melevolent user could easily screw up things like timed publication or removal of a certain page... Abel