[Zope] Prevent recursive and multiple URLs in Zope

Urs van Binsbergen van.binsbergen@taktik.ch
Sun, 11 Aug 2002 16:09:31 +0200


Hello Dieter

Thank you very much for your answer!

> > a) Philosophically: As the name "UNIQUE resource locator" already says:
> > it is generally not good to have the same content available via different
> > locators.
>Maybe, your philosophical argument is weakened when you learn
>that URL stands for "*UNIVERSAL* resource locator".
Uh-oh, bad one ;-) Sorry for this.

>It is quite common to have the same resource accessed through different
>URLs: often the same resource can be accessed both via HTTP and FTP,
>often the same (local) resource can be accessed with the "file", the "ftp"
>and the "http" protocol, often the same resource can be accessed
>via both "ftp" and "webdav" (which is HTTP based).
Yeah, and some sites are also mirrored in different locations, and so on. 
This makes sense, of course.

But: I am talking about "different URLs for the same thing on the same 
protocol on the same location". And I still insist: I feel uneasy if I 
know my stuff is accessible under a fantasy URL like
http://mydomain/my_stuff/index_html/my_stuff/index_html/my_stuff/index_html/...
(ad infinitum)

> > b) Technically: Working with relative links becomes unreliable and
> > dangerous. Problem #1 causes a relative URL to sometimes work and
> > sometimes not work, depending on whether the visitor accesses "foo/bar/"
> > or "foo/bar".
>Only, when you do strange strings. Usually, Zope sets the HTML base
>tag, such that it does not matter whether the user uses "foo/bar/"
>or "foo/bar".
It does? Not with my installation (2.5)! I am using the default 
header/footer, or looking at a zpt page (with the default code 
auto-created after adding it) - no base href appears.  Is this a setting 
I must change?

> > Problem #2 makes relative links to be the door to infinite
> > recursion. A simple link like "<a href="foo/">clickme</a>" will be the
> > trap, where dumb spiders will lose themselves in an infinite loop (this
> > was discussed shortly on this list under the subject "htdig indexing
> > problem").
>When you use relative links in the same way you are forced to do it
>in a file system based publishing environment, there will be no
>infinite recursion. Simply avoid relative links containing a "/"
>not preceded by "..". Use an absolute URL otherwise.
Ok, but who can guarantee me that anybody working with the system 
(especially the non-technical guys) will always stick to this rule? 
Nobody! Errare humanum est. Unless I validate all user-generated code I 
can't expect this is done in a correct way all the time.

>You may also learn about SiteAccess AccessRules (--> documentation
>on Zope.org).
As I wrote I already checked this out:
"I tried to do it using an Access Rule with SiteAccess2, but this doesn't 
seem to lead to a sensible solution, because an Access Rule is invoked 
when a folder is traversed FIRST, and in this moment it is not known 
which type of object the URL will call at last. So there should be 
something like an Access Rule to be called _at the very end_ of the 
traversal/acquisition process."

Kind regards,
Urs

-------------------------
Urs van Binsbergen
van.binsbergen@taktik.ch

bureau taktik GmbH
Zentralstrasse 76b
8003 Zürich
Telefon 01 450 34 05
-------------------------
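
The rule quoted in this message (no relative link containing a "/" that is not preceded by "..") can be checked mechanically over user-edited markup. The following Python check is an added example, not part of the original message or of Zope; the function names and the sample HTML are constructed, and treating root-relative paths ("/...") as absolute is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _LinkCollector(HTMLParser):
    """Collects href/src attribute values from start tags."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.links.append(value)


def is_risky_relative_link(link):
    """True if link is relative and has a '/' not preceded by '..'."""
    parts = urlsplit(link)
    if parts.scheme or parts.netloc:
        return False  # absolute URL (http:, ftp:, mailto:, //host/...)
    path = parts.path
    if not path or path.startswith("/"):
        return False  # fragment/query only, or root-relative (assumed safe)
    segments = path.split("/")
    # Every segment except the last is followed by a "/"; each must be "..".
    return any(seg != ".." for seg in segments[:-1])


def find_risky_links(html):
    """Return the links in html that break the rule, in document order."""
    collector = _LinkCollector()
    collector.feed(html)
    return [link for link in collector.links if is_risky_relative_link(link)]


# Constructed sample markup, standing in for a user-edited page.
SAMPLE = """
<a href="foo/">clickme</a>
<a href="../other">up</a>
<a href="http://mydomain/my_stuff/">absolute</a>
<img src="images/logo.gif">
<a href="page">sibling</a>
<a href="/my_stuff/index_html">root-relative</a>
"""

if __name__ == "__main__":
    for link in find_risky_links(SAMPLE):
        print("relative link with inner '/':", link)
```

Run over pages at save time or in a periodic sweep, it reports the links that can resolve differently under "foo/bar" and "foo/bar/".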