On Mon, Jul 29, 2002 at 05:18:19PM -0400, Chris McDonough wrote:
I sympathize with this, it's a real job keeping up with Zope developments. But one person every couple of days locks themselves out of their site using a SiteRoot, and runs screaming to this list. ;-) Evan or someone else usually talks them down from the tower in gentle tones, but it's still... well, it's annoying. This is why VirtualHostMonsters are better.. they're inert unless you actually use them. And they do everything that SiteRoots do.
Personally, I want to nuke SiteRoots out of Zope but I don't think it's going to happen (because lots of folks use and like them), so no worries in any case. They're going to stay around, probably until the bits fall out of them. We'll just need to prop Evan and a couple of other folks up in front of their PCs 24x7 to deal with the poor souls who innocently fill out a form and then find they can no longer access any of their data. ;-)
How about a check to prevent them from being installed in Zope's root directory? Then people could get to the undo tab without any real effort. It is kind of a pet peeve that there is not a section in the book about "Best Practices" (gad, I hate that term). Anyway, it would seem to me to be a best practice that Zope's root be open only to your most trusted administrators, contain anything that is security conscious (database connectors spring to mind), and not contain anything that can lock you out of your site (siteroots, VHMs, and third party user folders spring to mind.) Jim Penny
- C