[Zope] Automatically import a zexp
Oliver Bleutgen
myzope@gmx.net
Tue, 22 Jan 2002 18:17:48 +0100
Tille, Andreas wrote:
> Hello,
>
> as a Debian maintainer I wonder if there is any clean method to import
> zexp products by a script (not using the import method from a browser).
> The idea is that installing Python products is simple by copying the
> python code to the right place and restart zope. Works fine in the
> Debian postinst script.
> But what to do with zexp products. I tried a very dirty hack like
>
>
>
> ZOPEUSER="<place the name of Zope administrator here>"
> PASSWD="<and his password>"
> ## For sure this is insecure.
> ## You should find a secure way using debconf to maintain this!!!!
>
> IMPORT=<product-name>.zexp
>
> LC_ALL=en_EN
>
> HOST=localhost
> PORT=9673
>
> wget --proxy=off --http-user=${ZOPEUSER} --http-pass=${PASSWD} \
> http://${HOST}:${PORT}/Control_Panel/Products/${prod}/manage_importObject?file=${IMPORT}
>
>
> but I think I really do not have to tell you that this can not be the
> recommended way to go.
>
Dumb question, why not? What (linux-) priviledge level does one need to
install a new package?
If you think that installing filesystem products the way you described
is secure, then I don't see why using this shellscript isn't, provided
it is only readable by the right user(s).
If you are able to install products, you can vaporize zope's security
anyway AFAIK, so I don't see why this should be more insecure.
cheers,
oliver