md5 routines inside python script does not work!
Hi folks! I facedd with a strange zope behavior. i am trying to get a digest for a string, using md5 routines, but zope request to provided (again) with a user/password. What i cannot understand is that i logged in with a manager account. Here is the script: import random, string, md5 def strrnd(nlen = 24) : result = '' while nlen : nlen -= 1 result += random.choice(string.hexdigits) return result a = md5.new(strrnd() + icn + container.REQUEST.environ['HTTP_USER_AGENT'] + container.REQUEST.environ['REMOTE_ADDR']) return a.hexdigest() Since zope ask again and again for a user/password i hit cancel and the html returned is: May some one PLEASE help me correct the problem? Thanks A LOT for your time and cooperation. <HTML> <HEAD><TITLE>Site Error</TITLE></HEAD> <BODY> <TABLE BORDER="0" WIDTH="100%"> <TR VALIGN="TOP"> <TD WIDTH="10%" ALIGN="CENTER"> </TD> <TD WIDTH="90%"> <H2>Site Error</H2> <P>An error was encountered while publishing this resource. </P> <P><STRONG>Unauthorized</STRONG></P> Sorry, a site error occurred.<p> <!-- Traceback (innermost last): File /usr/home/zope/Zope/lib/python/ZPublisher/Publish.py, line 223, in publish_module File /usr/home/zope/Zope/lib/python/ZPublisher/Publish.py, line 187, in publish File /usr/home/zope/Zope/lib/python/ZPublisher/Publish.py, line 171, in publish File /usr/home/zope/Zope/lib/python/ZPublisher/mapply.py, line 160, in mapply (Object: pySessionSet) File /usr/home/zope/Zope/lib/python/ZPublisher/Publish.py, line 112, in call_object (Object: pySessionSet) File /usr/home/zope/Zope/lib/python/Shared/DC/Scripts/Bindings.py, line 324, in __call__ (Object: pySessionSet) File /usr/home/zope/Zope/lib/python/Shared/DC/Scripts/Bindings.py, line 354, in _bindAndExec (Object: pySessionSet) File /usr/home/zope/Zope/lib/python/Products/PythonScripts/PythonScript.py, line 362, in _exec (Object: pySessionSet) (Info: ({'script': <PythonScript instance at 89c2d40>, 'context': <Folder instance at 89c2900>, 'container': <Folder instance at 89c2900>, 'traverse_subpath': []}, ('df',), {}, None)) File Script (Python), line 10, in pySessionSet File /usr/home/zope/Zope/lib/python/AccessControl/ZopeGuards.py, line 122, in guarded_getattr (Object: md5) File /usr/home/zope/Zope/lib/python/AccessControl/SecurityManager.py, line 149, in validate File /usr/home/zope/Zope/lib/python/AccessControl/ZopeSecurityPolicy.py, line 172, in validate Unauthorized: new --> <HR NOSHADE> <P>Troubleshooting Suggestions</P> <UL> <LI>The URL may be incorrect.</LI> <LI>The parameters passed to this resource may be incorrect.</LI> <LI>A resource that this resource relies on may be encountering an error.</LI> </UL> <P>For more detailed information about the error, please refer to the HTML source for this page. </P> <P>If the error persists please contact the site maintainer. Thank you for your patience. </P> </TD></TR> </TABLE> </BODY> </HTML> -- There are no physicists in the hottest parts of hell, because the existence of a "hottest part" implies a temperature difference, and any marginally competent physicist would immediately use this to run a heat engine and make some other part of hell comfortably cool. This is obviously impossible. -- Richard Davisson
On 20/7/01 9:02 pm, "Gustavo Vieira Goncalves Coelho Rios" <gustavo@ifour.com.br> wrote:
Hi folks!
I facedd with a strange zope behavior.
i am trying to get a digest for a string, using md5 routines, but zope request to provided (again) with a user/password. What i cannot understand is that i logged in with a manager account.
Here is the script:
import random, string, md5
def strrnd(nlen = 24) : result = '' while nlen : nlen -= 1 result += random.choice(string.hexdigits) return result
a = md5.new(strrnd() + icn + container.REQUEST.environ['HTTP_USER_AGENT'] + container.REQUEST.environ['REMOTE_ADDR'])
return a.hexdigest()
Since zope ask again and again for a user/password i hit cancel and the html returned is:
May some one PLEASE help me correct the problem?
Thanks A LOT for your time and cooperation.
Ok, since you seem desperate! :)
File /usr/home/zope/Zope/lib/python/Products/PythonScripts/PythonScript.py, line 362, in _exec (Object: pySessionSet) (Info: ({'script': <PythonScript instance at 89c2d40>, 'context': <Folder instance at 89c2900>, 'container': <Folder instance at 89c2900>, 'traverse_subpath': []}, ('df',), {}, None)) File Script (Python), line 10, in pySessionSet File /usr/home/zope/Zope/lib/python/AccessControl/ZopeGuards.py, line 122, in guarded_getattr (Object: md5) File /usr/home/zope/Zope/lib/python/AccessControl/SecurityManager.py, line 149, in validate File /usr/home/zope/Zope/lib/python/AccessControl/ZopeSecurityPolicy.py, line 172, in validate Unauthorized: new
That's your problem - 'new' is not allowed in PythonScripts. There is machinery that will allow you to add 'md5' to the list of 'ok' modules for inclusion in a PythonScript, but you'll need to read up on how to do it - I dunno how to. In any case, it's the 'new' that's causing the problem, not md5. And the solution?.... Use an external method, they can do *anything* that the userid Zope is running under, including writing and deleting files. You'll find that md5 will work too. Hth Tone. -- Dr Tony McDonald, Assistant Director, FMCC, http://www.fmcc.org.uk/ The Medical School, Newcastle University Tel: +44 191 243 6140 A Zope list for UK HE/FE http://www.fmcc.org.uk/mailman/listinfo/zope
Gustavo Vieira Goncalves Coelho Rios writes:
i am trying to get a digest for a string, using md5 routines, but zope request to provided (again) with a user/password. What i cannot understand is that i logged in with a manager account. You try to use a function without explicit security declaration.
This is impossible in DTML, Python Script, ZPT and other TTW (Through The Web) context. Search the searchable mailing list archives for "ModuleSecurityInfo" to learn how to provide explicit security declaration or follow an advice you already got: use an External Method. Dieter
participants (3)
-
Dieter Maurer -
Gustavo Vieira Goncalves Coelho Rios -
Tony McDonald