[Zope-dev] 2.5.0b4: how to deadlock/DoS your Data.fs

Jens Vagelpohl jens@zope.com
Tue, 22 Jan 2002 07:47:22 -0500 

you're explaining the symptoms again, but i think the main issue here is 
about reading the documentation.

take SiteRoot as an example. i type "siteroot" into the searchbox at zope.
org and already the first two hits talk about the _SUPPRESS_SITEROOT thing,
  the second one with an example even and telling byou to do this if you 
lock yourself out. so the documentation is available.

as far as the Virtual Host Monster goes, it only "reacts" when it sees 
specially rewritten URLs that ususally get set in your apache 
configuration. it does not do anything if your zope itself listens on a 
HTTP port and you enter the management interface that way.

just like with anything else, a software author cannot prevent people from 
shooting themselves in the foot if they don't know what it is that they 
are installing or how it really works.

jens


On Tuesday, January 22, 2002, at 01:53 , Pierre Fortin wrote:

> Well... pointing my browser to http://localhost:8080/manage gives errors
> due to everything getting re-written to entities which don't exist yet;
> the frameset's three frames point> > to
> http://localhost:8080/<fubar>/manage* which are not setup.
>             ^^^^^^^               ^^^^^^^^^^^^^ My point is that it is way
> too easy to (yes) "toast" your ZODB as a result.  In other words,
> inability to access the manage page is equivalent to a toasted ZODB since
> there is no [visible] way back in...  the manage page is no longer
> accessible if the first thing I do is add a VHM or SiteRoot...
>
> Injecting a rewrite rule between the browser and Zope's
> http://localhost:8080/manage won't help when going directly to
> http://localhost:8080/manage gives errors which prevent doing anything
> else to the ZODB; but hey...  I'm re-learning Zope (which didn't have VHM
> back then, IIRC), and being unable to access the ZODB after adding a
> single item to a virgin copy is not a very friendly loophole, IMHO.
>
> Even following http://www.zope.org/Members/Jace/apache-vhm appears to
> assume that a Zope site already exists...  am I wrong...?
>
> BTW, did you really mean "suppress"?  If so, I haven't found that yet...
> (pointer?)  If not, see above.
>
> http://www.zope.org/DocProjects/AdminGuide/Project/FrontPage states
> "Complex software without documentation is hard to sell someone on, IMHO.
> --willdawg" which kinda says it all...
>
> If the above results in unusable ZODB; why should I waste my time building
> content if my first experience is to lose access to the ZODB..?  The way 
> I
> see it right now is that my confidence in Zope has been shot down by a
> rather simple setup attempt locking me out...
>
> [It's late, I'm really tired; so hope this makes some sense...]
>
> Pierre
>
>
>
> On Tue, 22 Jan 2002 00:18:56 -0500
> Jens Vagelpohl <jens@zope.com> wrote:
>
>> did you read the documentation that explains how to suppress e.g. site
>> roots by inserting certain names into the URL?
>>
>> installing site roots or virtual host monsters does not "toast" any
> ZODB.>
>> jens
>>
>>
>> On Tuesday, January 22, 2002, at 12:10 , Pierre Fortin wrote:
>>
>>> Hi,
>>>
>>> I've been away from Zope for nearly two years and thought I'd give
> 2.5.0b4> > a whirl...  instead, it's giving me a spinning head...
>>>
>>> I have multiple sites and would like to give Zope another try...
>>>
>>> When I first go into Zope at localhost:8080/manage, the first thing I
>>> tried was to add a VirtualHostMonster (specifying all the fields)...
> Big> > mistake #1...  the Data.fs is toast -- no way to access it...
>>>
>>> Re-install and try again...
>>>
>>> This time, I try SiteRoot, specifying the fields:
>>>   pfortin.com
>>>   http://pfortin.com/
>>>   /Z
>>> Big mistake #2!
>>>
>>> Re-install and try again...
>>>
>>> This time, I do the same thing; but without specifying a
>>> Base...  Big mistake #3!
>>>
>>> In every case, I was left with an unusable Data.fs because the
>>> http://localhost:8080/manage page was now pointing to non-existent
> data..> > .
>>>
>>> I'm off to do some more reading; but the intent was to try to setup 2
>>> virtual hosts on localhost:8080 without disturbing the running hosts
> on> > port 80...  but I ended up with deadlocked files since main screen
> points> > to http://localhost:8080/<fubar>/manage* which are not setup.
>>>
>>> Pierre
>>>
>>> _______________________________________________
>>> Zope-Dev maillist  -  Zope-Dev@zope.org
>>> http://lists.zope.org/mailman/listinfo/zope-dev
>>> **  No cross posts or HTML encoding!  **
>>> (Related lists -
>>>  http://lists.zope.org/mailman/listinfo/zope-announce
>>>  http://lists.zope.org/mailman/listinfo/zope )
>>
>>
>> _______________________________________________
>> Zope-Dev maillist  -  Zope-Dev@zope.org
>> http://lists.zope.org/mailman/listinfo/zope-dev
>> **  No cross posts or HTML encoding!  **
>> (Related lists -
>>  http://lists.zope.org/mailman/listinfo/zope-announce
>>  http://lists.zope.org/mailman/listinfo/zope )
>
> _______________________________________________
> Zope-Dev maillist  -  Zope-Dev@zope.org
> http://lists.zope.org/mailman/listinfo/zope-dev
> **  No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope )