[Zope-dev] Idea: User Product Folder
Casey Duncan
c.duncan@nlada.org
Mon, 19 Nov 2001 09:12:10 -0500
This is more of an idea than a proposal at this point, so I thought I would
post it here for discussion. There is a fishbowl project for creating an
automated Product installation system. Something like Debian and FreeBSD
have. Now, one of the issues that has been raised is whether you could make
it so that Products could be installed TTW.

As it stands right now, that is not possible since the Zope system user
generally would not (and should not) have write access to the Products
directory. It also seems there is some doubt as to the merit of TTW product
installation. Well, speaking from a human interface perspective, I think a
TTW interface for product management would be a good thing[tm] and could be a
"bullet point" feature for Zope. It would also be useful in making Zope
slightly easier for hosting services to deal with. You wouldn't have to deal
with the shell and therefore it would be greatly more accessible. It would
also make "trying out Zope" easier and more fun for newbies and damn it,
making Zope more fun is what I'm all about 8^)

This morning I thought of one potential solution to this whole Product folder
write access thing. There needs to be two types of product folders. The
standard type, which would continue to work as we have come to know it and a
"User Product" directory which would be writable from inside Zope. Now there
would be at least two important restrictions on products in the "User
Product" directory:

1. Installation of a User Product could not add or change files in the Zope
   core.
2. User Products can not "Monkey Patch" Zope.

Restriction 1 is implicit and doesn't take any additional steps other than
setting the Zope lib directory read-only from inside Zope.

Restriction 2 is there to protect against trojan products that could easily
expose restricted methods and attributes to the web or create deliberate
security holes. Now obviously this doesn't prevent this from happening other
ways, so this may not be sufficient. How to impose this restriction is not
entirely clear to me, but it seems that there should be some way to do it in
Python 2.2.

Another possible but more severe restriction would be that "User Products"
could not access certain attributes like "aq_base" or the like and would be
subject to stringent security checking on attribute access. Whether that
would be necessary I guess is one of the points of this discussion. Again, we
may have to wait for Py 2.2 to make this happen.

Now, once there is a "User Products" folder an infrastructure would need to
be set up so that products could be downloaded and installed TTW. But that is
another story...

Whaddaya think?

/---------------------------------------------------\
Casey Duncan, Sr. Web Developer
National Legal Aid and Defender Association
c.duncan@nlada.org
\---------------------------------------------------/
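
One way an installer could screen an uploaded User Product for restriction 2 before accepting it, as an added example that is not part of the original post or of Zope: a static pass over the product source that reports attribute writes on anything imported from outside the product. The package names `corelib` and `Products.Example`, the function names and the sample source are all hypothetical and constructed for illustration.

```python
import ast

# Constructed sample of a product module; "corelib" is a hypothetical core package.
SAMPLE = '''
import corelib.folder
from corelib import auth as A
from . import util
def helper(self):
    return 1

corelib.folder.Folder.render = helper   # write into a class outside the product
setattr(A, "check", helper)             # same effect through setattr
util.cache = {}                         # the product's own module: allowed
'''

def _dotted(node):
    """Turn a Name/Attribute chain into 'a.b.c', or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None
    return ".".join([node.id] + parts[::-1])

def find_foreign_writes(source, own_package="Products.Example"):
    """Return sorted (line, target) pairs for attribute writes on foreign imports."""
    tree = ast.parse(source)
    foreign = set()  # local names bound to modules or objects outside the product
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                if not a.name.startswith(own_package):
                    foreign.add(a.asname or a.name.split(".")[0])
        elif isinstance(node, ast.ImportFrom) and node.level == 0:
            if not (node.module or "").startswith(own_package):
                foreign.update(a.asname or a.name for a in node.names)
    hits = []
    for node in ast.walk(tree):
        targets = list(getattr(node, "targets", []))   # Assign and Delete
        if isinstance(node, (ast.AugAssign, ast.AnnAssign)):
            targets.append(node.target)
        names = [_dotted(t) for t in targets if isinstance(t, ast.Attribute)]
        if (isinstance(node, ast.Call) and _dotted(node.func) in ("setattr", "delattr")
                and len(node.args) >= 2):
            attr = node.args[1].value if isinstance(node.args[1], ast.Constant) else "<dynamic>"
            names.append("%s.%s" % (_dotted(node.args[0]), attr))
        hits += [(node.lineno, n) for n in names if n and n.split(".")[0] in foreign]
    return sorted(hits)
```

A scan like this is a review aid at upload time, not enforcement: it only sees writes spelled out in the source, so patches made through `exec`, `sys.modules` or objects reached indirectly pass unnoticed.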