[Zope] future direction (was "problems with SiteRoot in Zope2.5.1")

[Jim Penny]

On Mon, Jul 29, 2002 at 05:18:19PM -0400, Chris McDonough wrote:
> I sympathize with this, it's a real job keeping up with Zope
> developments.  But one person every couple of days locks themselves
> out of their site using a SiteRoot, and runs screaming to this list.
> ;-)  Evan or someone else usually talks them down from the tower in
> gentle tones, but it's still... well, it's annoying.  This is why
> VirtualHostMonsters are better.. they're inert unless you actually
> use them.  And they do everything that SiteRoots do.
> 
> Personally, I want to nuke SiteRoots out of Zope but I don't think
> it's going to happen (because lots of folks use and like them), so
> no worries in any case.  They're going to stay around, probably
> until the bits fall out of them.  We'll just need to prop Evan and a
> couple of other folks up in front of their PCs 24x7 to deal with the
> poor souls who innocently fill out a form and then find they can no
> longer access any of their data. ;-)

How about a check to prevent them from being installed in Zope's root
directory?  Then people could get to the undo tab without any real
effort.

It is kind of a pet peeve that there is not a section in the book about 
"Best Practices"  (gad, I hate that term).  Anyway, it would seem to me
to be a best practice that Zope's root be open only to your most trusted
administrators, contain anything that is security conscious (database
connectors spring to mind), and not contain anything that can lock you
out of your site (siteroots, VHMs,  and third party user folders spring 
to mind.)

Jim Penny
> 
> - C
>