[Zope] Recursive aquisition: good or bad?

Michel Pelletier michel@digicool.com
Mon, 7 Jun 1999 14:49:29 -0400


> -----Original Message-----
> From: Tom Schwaller [mailto:Tom.Schwaller@linux-magazin.de]
> Sent: Monday, June 07, 1999 5:19 PM
> To: zope@zope.org
> Subject: [Zope] Recursive aquisition: good or bad?
> 
> 
> Hi all,
> 
> during the last 2 weeks I faced a massive
> performance problem with Zope because of
> a mistake I made setting relative links 
> instead of absolute ones. I got things like:
> 
> /change/change/all/update/search/change
> 
> (different menu items clicked one after the other).
> Zope caches all this paths (is that correct?),
> so after a while Zope was very slow 

Hmm.. this was a performance problem?  I would guess it wouldn't be that
much of a problem unless your paths got REALLY big.

> (many people working with the pages quite a lot, 
> during a hot production phase, so I got many
> different paths. Clearing the cache or restarting 
> Zope "fixed" the problem)
> 
> After that I detected machines calling objects like
> 
> /issue1/article1/issue2/article3/news/index_html?newsid=500
> 
> although this kind of links do not appear when just surfing around
> (looks like search engines doing bad things)
> 
> So my question is: Is a link like
> 
http://www.zope.org/Documentation/Information/Community/Information/QA

> (which works) a feature or a bug of Zope?

It's 'featurish'.  This kind of thing falls under the feature/bug
anti-duality law.  It's not a bug, because it's doing exactly the right
thing, it's not a feature, because it's generally not very useful.  I
can imagine a situation somewhere in which it is useful (don't call my
bluff) but I can also easily immagine situations in which it's not very
useful at all (below).

> The problem is, that nobody can forbid people to call such links,
> which is the problem I am facing right now (They just do it!).
> At least things like 
>
> /Documentation/Documentation/Documentation/Documentation

You can't forbid people, no, but you can prevent such paths from being
constructed from *your* code.  I don't think there is any kind of Denial
of Server attack possible from this, a mild annoyance at best.

> should not be allowed or did I miss some Zope Zen?

I think it should be allowed, and that the Zen be elaborated on a bit.
You shouldn't design your site so that these things occur unless you
really want it.

-Michel