[Zope-dev] Re: [Zope] isecure XML-RPC handling.

[Shane Hathaway]

Rossen Raykov wrote:
> My point was that Zope is revealing internal information that is believed to
> be private and invisible for the Internet users.
> It happens in its default (debug) installation and even after -D option is
> removed from the startup script.

Rossen and others interested in tracebacks,

If you can, please check out the latest Zope from CVS.  Tracebacks no 
longer appear by default, and even when they do, they do not show any 
filesystem paths.  (If you already have a checkout, make sure you use 
"cvs up -dP" to get the new product.)

To see tracebacks, add a "Site Error Log" to your Zope.  After an 
exception has occurred, visit it (it's called error_log).  It will let 
you see the site errors that have occurred recently.

Shane