[Zope] md5 routines inside python script does not work!

Tony McDonald tony.mcdonald@ncl.ac.uk
Sat, 21 Jul 2001 11:23:42 +0100 

On 20/7/01 9:02 pm, "Gustavo Vieira Goncalves Coelho Rios"
<gustavo@ifour.com.br> wrote:

> Hi folks!
> 
> I facedd with a strange zope behavior.
> 
> i am trying to get a digest for a string, using md5 routines, but zope request
> to provided (again) with a user/password. What i cannot understand is that i
> logged in with a manager account.
> 
> Here is the script:
> 
> import random, string, md5
> 
> def strrnd(nlen = 24) :
> result = ''
> while nlen :
>   nlen -= 1
>   result += random.choice(string.hexdigits)
> return result
> 
> a = md5.new(strrnd() + icn + container.REQUEST.environ['HTTP_USER_AGENT'] +
> container.REQUEST.environ['REMOTE_ADDR'])
> 
> return a.hexdigest()
> 
> Since zope ask again and again for a user/password i hit cancel and the html
> returned is:
> 
> May some one PLEASE help me correct the problem?
> 
> Thanks A LOT for your time and cooperation.
> 


Ok, since you seem desperate! :)


> File /usr/home/zope/Zope/lib/python/Products/PythonScripts/PythonScript.py,
> line 362, in _exec
>   (Object: pySessionSet)
>   (Info: ({'script': &lt;PythonScript instance at 89c2d40&gt;, 'context':
> &lt;Folder instance at 89c2900&gt;, 'container': &lt;Folder instance at
> 89c2900&gt;, 'traverse_subpath': []}, ('df',), {}, None))
> File Script (Python), line 10, in pySessionSet
> File /usr/home/zope/Zope/lib/python/AccessControl/ZopeGuards.py, line 122, in
> guarded_getattr
>   (Object: md5)
> File /usr/home/zope/Zope/lib/python/AccessControl/SecurityManager.py, line
> 149, in validate
> File /usr/home/zope/Zope/lib/python/AccessControl/ZopeSecurityPolicy.py, line
> 172, in validate
> Unauthorized: new

That's your problem - 'new' is not allowed in PythonScripts. There is
machinery that will allow you to add 'md5' to the list of 'ok' modules for
inclusion in a PythonScript, but you'll need to read up on how to do it - I
dunno how to. In any case, it's the 'new' that's causing the problem, not
md5.

And the solution?....

Use an external method, they can do *anything* that the userid Zope is
running under, including writing and deleting files. You'll find that md5
will work too.

Hth
Tone.
-- 
Dr Tony McDonald,  Assistant Director, FMCC, http://www.fmcc.org.uk/
The Medical School, Newcastle University Tel: +44 191 243 6140
A Zope list for UK HE/FE  http://www.fmcc.org.uk/mailman/listinfo/zope