[Zope-dev] Zope logic
Wei He
hewei@mail.ied.ac.cn
Thu, 30 May 2002 14:17:53 +0800 (CST)
On Thu, 30 May 2002, Chris Withers wrote:
> > People will be really confused to see such results:
> >
> > http://www.zope.org/Documentation/ZopeBook/Documentation
> > http://www.zope.org/Images
>
> Why would they see such URLs?
Normally they would not. But if I know such a site is managed by Zope, I can
easily find such a URL with dead loops. I don't know how search engines
like Google handle this situation; at least it will cause unnecessary
traffic to the site once a bad guy just simply publishes the URL on their
own page.
I'm a little bit new to Zope. I don't yet have a lot of my own objects
created under Zope. But I think there might be some objects like
methods or scripts that are URL-sensitive. It will add lots of
tasks to the script itself to filter out unexpected request URLs to avoid
generating errors that may turn into security holes.
>
> > Is there a way to set up an object to be uninheritable or as private to
> > avoid this logic? Or maybe we should work out a way to do so.
>
> If you're interested, take a look at Zope 3. However, in your case, you probably
> need to worry more about why you're generating URLs like the ones above rather
> than the fact that it is possible to do so.
Hackers everywhere. :)
Wei He