Re: [Zope] - Authenication problems when on webhost?
On Tue, 08 Dec 1998 15:16:29 "Phillip J. Eby" wrote:
At 01:54 PM 12/8/98 -0600, Jimmie Houchin wrote:
I haven't installed Zope yet. I have been reading the documentation and posts here. There have been a couple of post by Michael Grinder which have not been answered and concern me. Maybe they have not been answered because there isn't a good solution. If that is the case I prefer to know.
For those of us who have to use a webhosting service we are at the mercy of what they (the webhost) will permit and what is required configuration wise by Zope.
Are there any options for configuring for Authorization that can be done by those of us who use a webhosting service?
There are several ISP's whose servers support HTTP_AUTHORIZATION, including Hiway, RapidSite, and a number of regional telcos who outsource their hosting through Hiway/RapidSite. Hiway and RapidSite run an Apache variant known as "RapidSite/Apa-1.2" which was patched to pass through the HTTP_AUTHORIZATION environment variable to CGI scripts. In their CGI environments, all scripts run as the Unix user ID of the customer, so there are no security issues with making HTTP_AUTHORIZATION available.
<insert question> I just learned from my webhost today that: "any cgi script started is under your name, its automatic" I guess this would mean for my situation anyway, that all I need to do is ask whether or not HTTP_AUTHORIZATION is available? If not, would they? Is their a simple way to test if it is already (automatically) available without asking tech support?
This means that ZOPE should run virtually out of the box on a Hiway or RapidSite host. A couple of points to mention, though... Hiway does not allow you to run your own servers, so ZopeHTTPServer is absolutely out. Since Hiway servers are also periodically rebooted for various kinds of maintenance, you cannot rely on such a process staying up indefinitely anyway. This also means you need to be sure if you're using an LRP that it can auto-start from the web.
I know all this stuff because I work for Hiway/RapidSite and have implemented ZPublisher-based internal applications there. I've switched away from using my work e-mail address on the list, however, because I don't want anything I say to be misconstrued as official statements on the part of the company.
Thanks for the reply. I hope any/all site(s) with excellent support for Python/Zope does well and prospers. :) Jimmie Houchin
At 02:51 PM 12/8/98 -0600, Jimmie Houchin wrote:
Is their a simple way to test if it is already (automatically) available without asking tech support?
Yeah. Put a CGI script in a password-protected directory and have it print out the environment. If there's an HTTP_AUTHORIZATION variable that says "Basic" followed by some base64 gibberish, you're in.
This means that ZOPE should run virtually out of the box on a Hiway or RapidSite host. A couple of points to mention, though... Hiway does not allow you to run your own servers, so ZopeHTTPServer is absolutely out. Since Hiway servers are also periodically rebooted for various kinds of maintenance, you cannot rely on such a process staying up indefinitely anyway. This also means you need to be sure if you're using an LRP that it can auto-start from the web.
Thanks for the reply. I hope any/all site(s) with excellent support for Python/Zope does well and prospers. :)
Ugh. You just reminded me... Although I built Python 1.5.1 and it's on all the Hiway/RapidSite servers, and it even includes loadable modules for ExtensionClass and Acquisition, Hiway doesn't give customers access to the IRIX C compiler any more, so you're currently out of luck if you want to use cDocumentTemplate or any of the other new C stuff. When I get out from behind my current backlog I will try to get the binaries up to date and include the good stuff from Zope. Although, in order not to annoy the sysadmins too much, I'll want to keep new-version compilations to a minimum.
participants (2)
-
Jimmie Houchin -
Phillip J. Eby