Michael wrote:
On Mon, 19 Nov 2001, emf wrote:
IMHO, you'll probably regret this :)
Considering your warning, I have to ask, are there any other options? What do others do on a production site, just allow users to view their directory structure? Wouldn't this be somewhat of a security hole? I don't mind having a traceback for internal purposes, I just don't want users to have the ability to see it.
well, the patch I gave you will not override traceback if the -D flag is turned on. You could patch it more extensively and make it email or log the traceback, if you liked. I'm not convinced it's that much of a security risk, to be honest. Indeed, "send me the error page" has been a good thing for me more than once. Basically, if your security depends on users not being able to see your directory structure, you've got big concerns that won't be addressed by hiding the traceback. HTH, -- ethan mindlace fremen | iMeme - The most full featured Zope Host http://mindlace.net | Root, ZEO, MySQL, Mailman, Unlimited Domains iMeme Partner | http://iMeme.net "It is our desire to remain what we are that limits us. -- Project 2501"