he's testing against zope.org and the traceback is enclosed in html comments, which probably does mean it is debug mode. as for the concerns... i leave that to others.

-k

On Tuesday 02 April 2002 12:18 pm, Chris McDonough wrote:
You are running Zope in debug mode (with the -D switch in the "start" file). This is the default. Please try running Zope in non-debug mode (remove the -D switch) and try this again.
----- Original Message -----
From: "Rossen Raykov" <raikovr@yahoo.com>
To: <zope-dev@zope.org>
Cc: <klm@zope.com>; <zope@zope.org>
Sent: Tuesday, April 02, 2002 2:33 PM
Subject: [Zope] isecure XML-RPC handling.
Zope is not handling a correct XML-RPC request.
Even the example from http://www.zope.org/Members/Amos/XML-RPC is not working.
Even worse, if a request like the one in the quoted example is sent to the web server, it will report information about the local server installation and the internal network.
Included are a request and response to www.zope.org.
As one may see, the server is installed in /usr/local/base/Zope-2.3.2-modified/ and it relies on 10.0.11.3:1380 for request processing.
All this may be useful debug information but it is not acceptable for a production server!
I'm not familiar with Zope and I cannot say whether it is only a configuration problem or a problem in the code.
I do not have time to investigate that, but a similar result may be achieved with the distribution offered for download.
Please let me know if I have to send this bug information to someone else.
I would like to be informed when this issue is resolved so I can announce it on Bug-Traq.
Regards, Rossen Raykov
<cut here>
$ telnet www.zope.org 80
Trying 63.102.49.33...
Connected to www.zope.org.
Escape character is '^]'.
POST /Foo/Bar/MyFolder HTTP/1.0
Content-Type: text/xml
Content-length: 95

<?xml version="1.0"?>
<methodCall>
<methodName>objectIds</methodName>
<params/>
</methodCall>

HTTP/1.0 500 Internal Server Error
Server: Zope/Zope 2.3.2 (source release, python 1.5.2, linux2)
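
Added example, not part of the original thread and not Zope code: a check an operator could run over a captured error body to see whether it discloses a traceback, install paths or internal addresses inside HTML comments, as described above. The function name and both sample bodies are constructed for illustration; only the install directory and the addresses are taken from the message.

```python
import ipaddress
import re

COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)
PATH_RE = re.compile(r"(?:/[\w.+-]+){2,}/?")          # absolute path, 2+ segments
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample: shaped like a debug-mode error page, not real server output.
DEBUG_BODY = """<html><body><h2>Site Error</h2>
<p>An error was encountered while publishing this resource.</p>
<!--
Traceback (innermost last):
  File /usr/local/base/Zope-2.3.2-modified/lib/python/example_module.py, line 1
  (Info: backend 10.0.11.3:1380, frontend 63.102.49.33)
NotFound: MyFolder
-->
</body></html>"""

# Constructed sample: the same page with no debug detail attached.
CLEAN_BODY = "<html><body><h2>Site Error</h2></body></html>"


def audit_error_body(body):
    """Report what an HTTP error body discloses inside HTML comments."""
    report = {"traceback": False, "paths": set(), "private_hosts": set()}
    for comment in COMMENT_RE.findall(body):
        if "Traceback" in comment:
            report["traceback"] = True
        report["paths"].update(PATH_RE.findall(comment))
        for candidate in IPV4_RE.findall(comment):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # looked like dotted-quad but is not a valid address
            if addr.is_private:  # RFC 1918 and similar: internal topology
                report["private_hosts"].add(candidate)
    return report


if __name__ == "__main__":
    for name, body in (("debug", DEBUG_BODY), ("clean", CLEAN_BODY)):
        print(name, audit_error_body(body))
```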