[Zope-dev] Re: [Zope] isecure XML-RPC handling.

Dieter Maurer dieter@handshake.de
Fri, 5 Apr 2002 20:26:50 +0200


Rossen Raykov writes:
 > ...
 > 1. the server log
 > 2. the output to the client.
 > ...
 > In the second case it is better if Zope is returning just the error or the
 > response.
 > In the XML-RPC case the error have to be a valid XML-RPC response, not a
 > stack trace.
Thus, this may mean an exception with an XML-quoted stack trace.
 > I can get that a stack trace may be extremely useful for a developer but
 > cant he see the server's error log?
There are two reasons, I prefer the stack trace in the response:

  *  the immediate correspondence between the request and the
     response containing essential information to analyse the problem

  *  newbies

     Even with the stack trace immediately in the response, they
     report problems with no or missing essential details about
     the problem.

     This will become worse when the error information is hidden
     in a log.

 > BW if a program is expecting XML-RPC response but it is receiving stack
 > trace it may be a little confusing (especially for a not so well written
 > program ;).
 > Zope first have to conform the protocol for XML-RPC exchange (return XML
 > response) and after that to sweet the developers (dump error in the server's
 > log).
Okay!


Dieter