On Fri, Jan 11, 2002 at 10:31:41AM +0200, Max Ischenko wrote:
Because it is written in Python, you may have an easier time integrating it in Zope.
How's that?
You may be able to integrate ViewCVS a s a Product into Zope, I meant. This in contrast to calling ViewCVS as an external program.
Note however that Zope runs as an anonymous user as well, and that switching to other users may not be feasable. You would do better adding a special user to all groups that exist in the repository, such that the CGI user can read all CVS files.
I was thinking about using sudo to execute cvsweb or maybe just set it suid root.
Which has it's own risks of course. However much I trust Greg Stein and his code, if there is a security hole in ViewCVS that can be exploited this way, you are toast. -- Martijn Pieters | Software Engineer mailto:mj@zope.com | Zope Corporation http://www.zope.com/ | Creators of Zope http://www.zope.org/ ---------------------------------------------