[Zope] access cvsweb thru Zope
Martijn Pieters
mj@zope.com
Fri, 11 Jan 2002 10:58:14 -0500
On Fri, Jan 11, 2002 at 10:31:41AM +0200, Max Ischenko wrote:
> > Because it is written in Python, you may have an easier time
> > integrating it in Zope.
>
> How's that?
You may be able to integrate ViewCVS a s a Product into Zope, I meant. This
in contrast to calling ViewCVS as an external program.
> > Note however that Zope runs as an anonymous user as well, and that
> > switching to other users may not be feasable. You would do better
> > adding a special user to all groups that exist in the repository, such
> > that the CGI user can read all CVS files.
>
> I was thinking about using sudo to execute cvsweb or maybe just set it
> suid root.
Which has it's own risks of course. However much I trust Greg Stein and his
code, if there is a security hole in ViewCVS that can be exploited this way,
you are toast.
--
Martijn Pieters
| Software Engineer mailto:mj@zope.com
| Zope Corporation http://www.zope.com/
| Creators of Zope http://www.zope.org/
---------------------------------------------