Jim, It wouldn't be hard to modify ZScheduler to utilize some SSL-capable client program instead of Client.py. There are just three lines in ZScheduler/Dispatcher.py that deal with the client interface (search for 'client'). You might also have to munge the URL that you feed to the client program (to get https:// instead of http://). (Hmmm. Not even MS Outlook is SSL aware.) What that client program might be, I don't know. But I wouldn't be surprised if to find that you could call MSIE or Navigator or Mozilla with a command-line interface. Does anyone else have any experience with this? If there is a generally available solution to this SSL client problem, I wouldn't mind building it into ZScheduler as an option. At the very least, I could encapsulate the client interface in a separate module. Then you could conveniently replace that module with your own. -- Loren ----- Original Message ----- From: "Jim Sanford" <jsanford@atinucleus.com> To: "Loren Stafford" <lstaffor@dynalogic.com> Sent: July 31, 2000 07:03 AM Subject: Re: ZScheduler and SSL [was: Zope.org feedback]
Every link is hard coded and is fully qualified so I don't use absolute_url in any of my code. What Zope does is beyond my knowledge.
I access Zope via PCGI behind MS IIS 4.0 and have had no other problems with SSL. Speed is not a problem because we have a accelerator card that handles the SSL number crunching.
Looks like I will have to figure out a way to handle scheduled events (primarily executing reports and emailing them to different list sof people, primarily management types.) Probably with an external method.
Jim
----- Original Message ----- From: "Loren Stafford" <lstaffor@dynalogic.com> To: "Jim Sanford" <jsanford@atinucleus.com> Sent: Sunday, July 30, 2000 4:48 PM Subject: ZScheduler and SSL [was: Zope.org feedback]
Have you run into other problems with Zope and SSL? For example, the absolute_url method -- does it it always return http://something or does it return the same protocol specifier used for the request?
I ask, because ZScheduler depends on absolute_url. I also wonder whether the value of absolute_url will always be correct for ZScheduler purposes in virtual-hosting environments.
-- Loren
----- Original Message ----- From: "Jim Sanford" <jsanford@atinucleus.com> To: "Loren Stafford" <lstaffor@dynalogic.com>; "Zope List" <zope@zope.org> Sent: July 28, 2000 03:39 PM Subject: Re: Zope.org feedback
We have no http access to our site.
It is a corporate Client Relationship Management, Job Tracking and Order Processing, Production and Tracking system that is accessed from all over the world.
I will send this to the list to see if any one else can provide help.
----- Original Message ----- From: Loren Stafford <lstaffor@dynalogic.com> To: Jim Sanford <jsanford@atinucleus.com> Sent: Friday, July 28, 2000 5:14 PM Subject: Re: Zope.org feedback
URL: http://www.zope.org/Members/lstaffor ZScheduler uses Client.py.
Would it be correct to say that if my entire site is only accessible via SSL (https) that ZScheduler will not work?
I hadn't thought about this before, so you probably know more about it than I do. But given that the python lib that Client.py uses for http (httplib.py) doesn't support https, then you're right.
Solutions?
1. Permit http traffic to your site if it comes fromt the same IP and is for URLs that end in "/trigger". I suppose that IP spoofing makes this something of a security hole. How bad?
2. Enhance either Client.py or httplib.py to support at least enough https to get the job done. I know nothing about this. Is it reasonably doable? Is there a Zopista willing and able to do it?
3. ....?
-- Loren