[Zope] Traceback? Codechange!

[Marcus Collins]

> -----Original Message-----
> From: Tino Wildenhain [mailto:tino@wildenhain.de]
> Sent: 29 May 2000 15:44
> To: Marcus Collins
> Cc: 'Chris Withers'; Martijn Pieters; Patrick J.M. Keane; 
> zope@zope.org
> Subject: Re: [Zope] Traceback? Codechange!
> 
> Hi,
 
[...]

> This is very ugly imho. It schould be sufficient, if one includes the
> traceback-variable into the standard-error where its appropriate.
> In the current implementation it will break the HTML-standard with
> code outside <HTML></HTML> and additionally makes it impossible to get
> error-messages to picky browsers, such as WAP-devices.

I second this -- despite the traceback being sometimes crucial to debug
errors, its inclusion after the closing HTML tag goes against the standard.
Furthermore, the traceback *could* sometimes be considered to pose a
security risk, since it exposes the names of methods in the call stack, some
of which should not necessarily be callable through the web. Or am I just
being paranoid?

> Is it ok if we remove these lines?

I think there should be a knob to turn it off... and not for the whole site,
but for a subtree (perhaps even on a folder-by-folder basis). That way, the
folks who develop and deploy on a single Zope server (does anyone do this?)
can keep their tracebacks on sites under development, but get rid of them on
live sites.
 
> Do I have to copy this message to the collector and wait for 
> a couple of months or can we do it instantly? ;-)

*grin*

> Regards
> Tino Wildenhain

-- Marcus