[Zope-dev] Re: [Zope] isecure XML-RPC handling.
Shane Hathaway
shane@zope.com
Thu, 04 Apr 2002 11:23:19 -0500
Rossen Raykov wrote:
> My point was that Zope is revealing internal information that is believed to
> be private and invisible for the Internet users.
> It happens in its default (debug) installation and even after -D option is
> removed from the startup script.
Rossen and others interested in tracebacks,
If you can, please check out the latest Zope from CVS. Tracebacks no
longer appear by default, and even when they do, they do not show any
filesystem paths. (If you already have a checkout, make sure you use
"cvs up -dP" to get the new product.)
To see tracebacks, add a "Site Error Log" to your Zope. After an
exception has occurred, visit it (it's called error_log). It will let
you see the site errors that have occurred recently.
Shane