Hi all, I want to give out another error message (not the standard error message) when logging was without success. Zope Error Zope has encountered an error while publishing this resource. Unauthorized You are not authorized to access this resource. No Authorization header found. Traceback (innermost last): File /home/zope/Zope-2.1.6-src/lib/python/ZPublisher/Publish.py, line 214, in publish_module File /home/zope/Zope-2.1.6-src/lib/python/ZPublisher/Publish.py, line 179, in publish File /home/zope/Zope-2.1.6-src/lib/python/ZPublisher/Publish.py, line 151, in publish File /home/zope/Zope-2.1.6-src/lib/python/ZPublisher/BaseRequest.py, line 446, in traverse File /home/zope/Zope-2.1.6-src/lib/python/ZPublisher/HTTPResponse.py, line 551, in unauthorized Unauthorized: (see above) -------------------------------------------------------------------------- Troubleshooting Suggestions a.. The URL may be incorrect. b.. The parameters passed to this resource may be incorrect. c.. A resource that this resource relies on may be encountering an error. For more detailed information about the error, please refer to the HTML source for this page. If the error persists please contact the site maintainer. Thank you for your patience. how can I mange this. I tryed it with the standard_error_message: <dtml-if "error_type == 'Unauthorized'"> <dtml-return standard_Unauthorized_html> </dtml-if> but that doesen´t work. Any ideas? Jens
Some errors do not get caught by the standard_error_message and there are very good reasons for that. The easiest way to do it so far is to hack the source code where that message is printed to produce something nice. ----- Original Message ----- From: "jensebaer" <jensebaer@hotmail.com> To: <zope@zope.org> Sent: Thursday, September 28, 2000 10:00 AM Subject: [Zope] How to change Unauthorized error message? Hi all, I want to give out another error message (not the standard error message) when logging was without success. Zope Error Zope has encountered an error while publishing this resource. Unauthorized You are not authorized to access this resource. No Authorization header found. Traceback (innermost last): File /home/zope/Zope-2.1.6-src/lib/python/ZPublisher/Publish.py, line 214, in publish_module File /home/zope/Zope-2.1.6-src/lib/python/ZPublisher/Publish.py, line 179, in publish File /home/zope/Zope-2.1.6-src/lib/python/ZPublisher/Publish.py, line 151, in publish File /home/zope/Zope-2.1.6-src/lib/python/ZPublisher/BaseRequest.py, line 446, in traverse File /home/zope/Zope-2.1.6-src/lib/python/ZPublisher/HTTPResponse.py, line 551, in unauthorized Unauthorized: (see above) -------------------------------------------------------------------------- Troubleshooting Suggestions a.. The URL may be incorrect. b.. The parameters passed to this resource may be incorrect. c.. A resource that this resource relies on may be encountering an error. For more detailed information about the error, please refer to the HTML source for this page. If the error persists please contact the site maintainer. Thank you for your patience. how can I mange this. I tryed it with the standard_error_message: <dtml-if "error_type == 'Unauthorized'"> <dtml-return standard_Unauthorized_html> </dtml-if> but that doesen´t work. Any ideas? Jens
Andy McKay wrote:
Some errors do not get caught by the standard_error_message and there are very good reasons for that.
Oh really? ;-)
The easiest way to do it so far is to hack the source code where that message is printed to produce something nice.
Hmmm... not pretty, especially if you have more than one site on your instance of Zope... cheers, Chris
Andy McKay wrote:
Some errors do not get caught by the standard_error_message and there
are
very good reasons for that.
Oh really? ;-)
Well if an anonymous user was allowed access to none of your site except standard_error_message that would sound like a security hole some person with a warped mind on these issues could use. You could make a special object standard_error_message of course. There's a project for you Chris (is if you havent got enough to do).
The easiest way to do it so far is to hack the source code where that message is printed to produce something nice.
Hmmm... not pretty, especially if you have more than one site on your instance of Zope...
Agreed.
cheers,
Chris
Andy McKay wrote:
Well if an anonymous user was allowed access to none of your site except standard_error_message that would sound like a security hole some person with a warped mind on these issues could use.
I don't think so... the site designer just has to remember that object is anonymously viewable, as with any other anonymously viewable object. If it's not anonymously viewable, fair enough, throw the hard coded error _saying_ standard_error_message wasn't viewable by anonymous... ...besides, telling them the path where Zope is installed on your server, which the error message does, is probably a much worse security 'hole'. I don't like the way Zope does this for _all_ standard_html_error's, especially as it tacks the error on the end of the HTML in production mode, thus generating technically incorrect HTML (I think? ;-) cheers, Chris
Andy McKay wrote:
Well if an anonymous user was allowed access to none of your site except standard_error_message that would sound like a security hole some person with a warped mind on these issues could use.
I don't think so... the site designer just has to remember that object is anonymously viewable, as with any other anonymously viewable object. If it's not anonymously viewable, fair enough, throw the hard coded error _saying_ standard_error_message wasn't viewable by anonymous...
Sure I suppose. How of course to implement this is another issue, as errors get thrown up to /lib/python/ZPublisher/HTTPResponse.py and it would be get to trap them before then. But Im just coming off your last suggestion regarding exporting folders with no subobjects and dont want to dive back into Zope internals until my brain has stopped hurting :)
...besides, telling them the path where Zope is installed on your server, which the error message does, is probably a much worse security 'hole'.
I don't like the way Zope does this for _all_ standard_html_error's, especially as it tacks the error on the end of the HTML in production mode, thus generating technically incorrect HTML (I think? ;-)
Absolutely, not just that its incorrect HTML, but also that it can expose implementation issues such as oh that site GUF, I know a hole there...
cheers,
Chris
Andy McKay wrote:
Sure I suppose. How of course to implement this is another issue, as errors get thrown up to /lib/python/ZPublisher/HTTPResponse.py and it would be get to trap them before then.
Well, that's what Tres Seaver thought: http://classic.zope.org:8080/Collector/1049/view (he makes some good points about string exceptions too...) However, Jim Fulton though it would be possible: http://classic.zope.org:8080/Collector/1298/view Sadly, no progress seems to have been made :-(
I don't like the way Zope does this for _all_ standard_html_error's, especially as it tacks the error on the end of the HTML in production mode, thus generating technically incorrect HTML (I think? ;-)
Absolutely, not just that its incorrect HTML, but also that it can expose implementation issues such as oh that site GUF, I know a hole there...
...nice... Chris
participants (4)
-
Andy McKay -
Chris Withers -
Chris Withers -
jensebaer