[Zope] Newbie questions.

Craig H. Rowland crowland@psionic.com
Thu, 11 Mar 1999 16:23:29 -0600 (EST) 

Hello,

I've looked through all the docs, FAQs and threads of the Zope list for
some of these answers and haven't found a clear method described. I'll
apologize now if the questions seem obvious, but I'm new to deploying Zope
on a web server and need some initial Zope setup guidance.


Question 1: 

Under Zope, what is the proper way to configure the website so users can
simply go to http://www.example.com instead of:

http://www.example.com/example
http://www.example.com:9673/
etc.

My understanding is that the mod_rewrite rules will have to come into
effect here. Will I also need to do a re-direct of some type? I need
some way to direct all URL requests so they are re-written to point to the
correct Zope folder. The ideal for me is to have a series of folders in
Zope that contain separate websites. The sites can be virtual hosted as
needed (although right now I'm only running one site). I can't find a
clear description of how to make this happen. Also I don't want to run a
separate Zope process and proxy people to the port. I want to have
everything running on port 80.

I'll have to agree with other posters that a tutorial on the design of
the actual Zope site with Zope would be very helpful as they are using a
layout of html and hierarchy that is very similar to what I'm pursuing. In
fact if someone could provide me with a description of the config they're
using it would be a huge help.


Question 2:

Under .DTML construction of links is it generally considered "better"
Zope practice to reference the entire URL or the Zope object hierarchy
directly?

Question 3: 

I don't want tracebacks to appear under any circumstances to the end
users. I haven't tried anything to counter this yet, but wanted to know
what some others have done. Would an approach to this be a try/except
positioned in the standard_html_header and footer files? Ideally I would
like to catch all exceptions and have it automatically mail the exceptions
to the webmaster instead of showing the user (In fact I think this would
be a good feature for the product). 

Question 4:

Has anyone pursued a security audit of the Zope code? I've been
considering doing this (not that I don't trust the Zope developers,
it's just that I don't trust anyone) and would like to work with
others if possible. Several of the sites I admin get hacked on very
frequently and I'm a little nervous about replacing static web pages with
no CGI running anywhere with the exact opposite end of the spectrum with
Zope. :) 

I'm also going to prepare a document describing how to run Zope
in a chroot() environment under UNIX to increase security. I'll let the
list know when it is complete.

Thank you for any responses,

-- Craig