[Zope3-checkins] SVN: Zope3/branches/3.3/ - fixed issue 507:
default configuration exposes template code and paths
Christian Theune
ct at gocept.com
Tue Aug 15 23:03:06 EDT 2006
Log message for revision 69553:
- fixed issue 507: default configuration exposes template code and paths
Changed:
U Zope3/branches/3.3/doc/CHANGES.txt
U Zope3/branches/3.3/src/zope/app/appsetup/schema.xml
U Zope3/branches/3.3/src/zope/app/server/main.py
U Zope3/branches/3.3/src/zope/app/twisted/main.py
U Zope3/branches/3.3/src/zope/app/wsgi/__init__.py
U Zope3/branches/3.3/zope.conf.in
U Zope3/branches/3.3/zopeskel/etc/zope.conf.in
-=-
Modified: Zope3/branches/3.3/doc/CHANGES.txt
===================================================================
--- Zope3/branches/3.3/doc/CHANGES.txt 2006-08-16 02:56:42 UTC (rev 69552)
+++ Zope3/branches/3.3/doc/CHANGES.txt 2006-08-16 03:03:05 UTC (rev 69553)
@@ -10,6 +10,10 @@
Bugfixes
+ - Fixed issue 507: Default configuration exposes template code and
+ paths. Developer mode is now switched off by default and a warning is
+ issued if it is turned on.
+
- Fixed issue 383: Twisted and ZServer work the same on any platform.
Default configuration is to bind servers to all interfaces.
You find additional information in 'zope.conf' to know
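Review bot: the new entry under Bugfixes says developer mode is now off by default but does not tell upgraders what to do about it. Instances whose zope.conf has no explicit devmode line will lose the developer tools after this change; add a sentence such as "To re-enable it, set 'devmode on' in zope.conf" so the behaviour change is not a surprise.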
Modified: Zope3/branches/3.3/src/zope/app/appsetup/schema.xml
===================================================================
--- Zope3/branches/3.3/src/zope/app/appsetup/schema.xml 2006-08-16 02:56:42 UTC (rev 69552)
+++ Zope3/branches/3.3/src/zope/app/appsetup/schema.xml 2006-08-16 03:03:05 UTC (rev 69553)
@@ -55,16 +55,16 @@
<metadefault>$softwarehome/src</metadefault>
</multikey>
- <key name="devmode" datatype="boolean" default="on">
+ <key name="devmode" datatype="boolean" default="off">
<description>
Switches the Developer Mode on and off.
- In developer mode, the Web UI will provide usefull utilities for
+ In developer mode, the web UI will provide useful utilities for
developers to work on Zope 3 applications.
</description>
<example>
- devmode off
+ devmode on
</example>
- <metadefault>on</metadefault>
+ <metadefault>off</metadefault>
</key>
</schema>
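Review bot: the <description> of the devmode key still presents developer mode only as "useful utilities", with nothing about why the default moved to off. Since this text is the schema's documentation for the key, add a sentence stating that developer mode exposes template code and paths and should not be enabled on production servers, matching the warning logged at startup.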
Modified: Zope3/branches/3.3/src/zope/app/server/main.py
===================================================================
--- Zope3/branches/3.3/src/zope/app/server/main.py 2006-08-16 02:56:42 UTC (rev 69552)
+++ Zope3/branches/3.3/src/zope/app/server/main.py 2006-08-16 03:03:05 UTC (rev 69553)
@@ -102,6 +102,9 @@
# Provide the devmode, if activated
if options.devmode:
features += ('devmode',)
+ logging.warning("Developer mode is enabled: this is a security risk "
+ "and should NOT be enabled on production servers. Developer mode "
+ "can be turned off in etc/zope.conf")
zope.app.appsetup.config(options.site_definition, features=features)
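Review bot: the added logging.warning call in the "if options.devmode:" block relies on the logging module being imported, and this diff adds "import logging" only to zope/app/wsgi/__init__.py. Please confirm that zope/app/server/main.py already imports it; otherwise starting with devmode on raises a NameError instead of emitting the warning.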
Modified: Zope3/branches/3.3/src/zope/app/twisted/main.py
===================================================================
--- Zope3/branches/3.3/src/zope/app/twisted/main.py 2006-08-16 02:56:42 UTC (rev 69552)
+++ Zope3/branches/3.3/src/zope/app/twisted/main.py 2006-08-16 03:03:05 UTC (rev 69553)
@@ -133,6 +133,9 @@
# Provide the devmode, if activated
if options.devmode:
features += ('devmode',)
+ logging.warning("Developer mode is enabled: this is a security risk "
+ "and should NOT be enabled on production servers. Developer mode "
+ "can be turned off in etc/zope.conf")
zope.app.appsetup.config(options.site_definition, features=features)
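Review bot: the warning text hard-codes "etc/zope.conf" as the place to turn developer mode off. If the server was started with a configuration file at another path, that hint sends the operator to the wrong file; consider wording it as "in the configuration file (devmode off)", or including the path that was actually loaded if the options object carries it.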
Modified: Zope3/branches/3.3/src/zope/app/wsgi/__init__.py
===================================================================
--- Zope3/branches/3.3/src/zope/app/wsgi/__init__.py 2006-08-16 02:56:42 UTC (rev 69552)
+++ Zope3/branches/3.3/src/zope/app/wsgi/__init__.py 2006-08-16 03:03:05 UTC (rev 69553)
@@ -18,6 +18,7 @@
import os
import sys
import ZConfig
+import logging
from zope.event import notify
from zope.interface import implements
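Review bot: "import logging" is placed after "import ZConfig", which separates it from the other standard-library imports (os, sys). Move it up next to them to keep the import grouping consistent.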
@@ -119,6 +120,9 @@
# Insert the devmode feature, if turned on
if options.devmode:
features += ('devmode',)
+ logging.warning("Developer mode is enabled: this is a security risk "
+ "and should NOT be enabled on production servers. Developer mode "
+ "can be turned off in etc/zope.conf")
# Configure the application
appsetup.config(options.site_definition, features=features)
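Review bot: this three-line warning is the third verbatim copy of the same string in this revision (also in zope/app/server/main.py and zope/app/twisted/main.py). Keep the message in one shared place, for example a small helper that each entry point calls when options.devmode is set, so the wording cannot drift between the three servers.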
Modified: Zope3/branches/3.3/zope.conf.in
===================================================================
--- Zope3/branches/3.3/zope.conf.in 2006-08-16 02:56:42 UTC (rev 69552)
+++ Zope3/branches/3.3/zope.conf.in 2006-08-16 03:03:05 UTC (rev 69553)
@@ -85,6 +85,6 @@
# Switches the Developer Mode on and off.
#
# Default:
-# devmode on
+# devmode off
#
-# devmode off
+# devmode on
Modified: Zope3/branches/3.3/zopeskel/etc/zope.conf.in
===================================================================
--- Zope3/branches/3.3/zopeskel/etc/zope.conf.in 2006-08-16 02:56:42 UTC (rev 69552)
+++ Zope3/branches/3.3/zopeskel/etc/zope.conf.in 2006-08-16 03:03:05 UTC (rev 69553)
@@ -114,6 +114,6 @@
# Switches the Developer Mode on and off.
#
# Default:
-# devmode on
+# devmode off
#
-#devmode off
+#devmode on
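Review bot: the comment block above "#devmode on" still says only "Switches the Developer Mode on and off", so an administrator who uncomments the line in a generated instance gets no hint of the risk until the warning appears in the log. Add a comment line here (and in the top-level zope.conf.in, which has the same block) saying that developer mode exposes template code and paths and is not meant for production servers.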