Zope and clients - debug info
Hi!

My question is this: I have a Zope site. It is intra, but in the future we want to publish it on the internet. To make the development simpler, I check the REMOTE_ADDR. If it is a special intra address (e.g. 192.168.3.8), or it is localhost, then I show special elements (request data, and in std_err_msg I show the traceback).

This information is hot info (the traceback shows the object's real position!).

So I don't want to publish it to anybody, only to me.

(Because my home machine is not on the network, I must use localhost when I am working at home.)

But I think it is possible for anybody who has a redirector utility, or iptables, to map his localhost to my server. (Redirect it: iptables 127.0.0.1:80->http://myserverinnet).

Is it possible? If it happens, how is the REMOTE_ADDR filled in by Zope?

I am afraid that when it happens, and REMOTE_ADDR is shown as localhost, then my site thinks the client is a developer, and shows the hot debug info.

Please help me with this.

Thanks for it:
kk

Hi,

On Fri, 2004-09-24 at 10:36, kepes.krisztian wrote:
> Hi!
>
> My question is this: I have a Zope site. It is intra, but in the future we want to publish it on the internet. To make the development simpler, I check the REMOTE_ADDR. If it is a special intra address (e.g. 192.168.3.8), or it is localhost, then I show special elements (request data, and in std_err_msg I show the traceback).
>
> This information is hot info (the traceback shows the object's real position!).
>
> So I don't want to publish it to anybody, only to me.
>
> (Because my home machine is not on the network, I must use localhost when I am working at home.)
>
> But I think it is possible for anybody who has a redirector utility, or iptables, to map his localhost to my server. (Redirect it: iptables 127.0.0.1:80->http://myserverinnet).

No, that's not possible.

> Is it possible? If it happens, how is the REMOTE_ADDR filled in by Zope?

The remote address is the address of the other end of the connection. So whatever connects to your Zope server is the other end. From the viewpoint of your server there is only one localhost = 127.0.0.1, that is, its own localhost. (Unless your network setup is horribly borken.) If someone fakes a connection with source address 127.0.0.1, he will never get the answer packets from your server, because they will be routed to the loopback device.

The only way to appear as localhost to the server is by actually issuing the connection from there, like working on the console or using a tunnel. (And if someone is able to establish a tunnel to your server, you have a lot more problems ;)

> I am afraid that when it happens, and REMOTE_ADDR is shown as localhost, then my site thinks the client is a developer, and shows the hot debug info.

Don't confuse it with the target (virtual) host, which appears in your browser address list. (See RFC 2616.)

IMHO a better solution for you would be to look into the permissions of the actual logged-in user. And if (s)he has permission (like you with role manager), it should show more details.

Regards
Tino
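The following sketch is an added example, not code from this thread and not Zope's own API. It uses Python's standard-library wsgiref server to show that REMOTE_ADDR follows the TCP peer while the Host header is whatever the client sends, and it puts the address check from the question beside the role check suggested in the reply. The role name `Manager`, the function names and the sample request are assumptions.

```python
import http.client
import threading
from wsgiref.simple_server import make_server, WSGIRequestHandler

TRUSTED_ADDRS = {"127.0.0.1", "192.168.3.8"}  # addresses from the original post
DEBUG_ROLE = "Manager"  # assumed role name, after the reply's "role manager"

def debug_by_addr(environ):
    """The check from the question: trust whoever connects from these addresses."""
    return environ["REMOTE_ADDR"] in TRUSTED_ADDRS

def debug_by_role(roles):
    """The check suggested in the reply: trust the authenticated user's role."""
    return DEBUG_ROLE in roles

def app(environ, start_response):
    # REMOTE_ADDR is set by the server from the TCP peer address; the Host
    # header is whatever the client chose to send.
    body = "|".join([environ["REMOTE_ADDR"], environ.get("HTTP_HOST", ""),
                     str(debug_by_addr(environ))])
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [body.encode()]

class QuietHandler(WSGIRequestHandler):
    def log_message(self, format, *args):  # keep the demo output clean
        pass

def observe(host_header):
    """Serve one loopback request; return (REMOTE_ADDR, Host, addr-based decision)."""
    server = make_server("127.0.0.1", 0, app, handler_class=QuietHandler)
    worker = threading.Thread(target=server.handle_request)
    worker.start()
    conn = http.client.HTTPConnection("127.0.0.1", server.server_port, timeout=5)
    conn.request("GET", "/", headers={"Host": host_header})
    text = conn.getresponse().read().decode()
    conn.close()
    worker.join()
    server.server_close()
    remote_addr, host, decision = text.split("|")
    return remote_addr, host, decision == "True"

if __name__ == "__main__":
    # Constructed request: an anonymous client running on the server itself,
    # for example the local end of a tunnel.
    print(observe("myserverinnet"))
    print(debug_by_role([]), debug_by_role(["Manager"]))
```

The address check returns True for every connection that originates on the server, including the local end of a tunnel, while the role check depends only on who is logged in.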