[ANN] SkunkWeb 3.0 Released!

Drew Csillag drew_csillag at geocities.com
Fri Aug 24 22:13:46 CEST 2001


On Fri, Aug 24, 2001 at 08:46:22PM +0400, Oleg Broytmann wrote:
> On Fri, 24 Aug 2001, Drew Csillag wrote:
> > > > You don't trust the people who build the website for your company?
> > >
> > >    Certainly NO! Let us see.
> > >
> > > 1. Some people do malicious things intentionally.
> >
> > If they work for you, they should be fired, and quickly.
> 
>    We do it, from time to time. But first you need to catch them by hand.

Well, if that is your situation, then you may want to put bars around their
cubicles as a precautionary measure :).

> > Trying to make something foolproof is an exercise in futitlity as
> > fools are incredibly ingenious.
> 
>    ROFL :)))
>    Too true, too true...
> 
> > One could argue that Zope's web based content management system offers
> > more holes for the outside cracker to exploit though.
> 
>    I have never heared about cracked Zope site.

Well, there was at least one this year (not a cracked site but a
vulnerability):
    http://lwn.net/2001/0315/a/zope-zclasses.php3

Even if there were no vulnerabilities, there's something about having
a web based content management system on the open net that just gives
me the heebie-jeebies.

> > > 4. And there are different types of sites and users. Think about Geocite.
> > > Do you trust its users? :)
> >
> > Of course not.  SkunkWeb was not designed for, nor is it appropriate for
> > hosting in that way.
> 
>    That's the point!

Ahhh, no.  Hosting your own content is what most people deal with I
believe, not hosting other people's content, otherwise most of the app
servers on the market wouldn't exist because they have a similar trust
model as SkunkWeb, e.g. PHP, ASP, JSP, StoryServer, PSP all effectively
trust the template authors.

After I thought about it a bit, you could host something like Geocities
with SkunkWeb very easily by turning off component evaluation on user
directories.

> > >    No. Without a class it is not programming at all.
> >
> > Ahem...  You are saying that without classes, you aren't programming?
> > So this whole Linux kernel is not *real* programming?  I respectfully
> > and emphatically disagree.
> 
>    I meant "object publishing"... but let us forget it now.

Ahh, ok.  Got it.

> > I guess the main crux of this discussion is:
> >
> >    SkunkWeb is best oriented towards sites where the site authors can
> > be trusted not to maliciously mess things up (e.g. where the site
> > authors work for the company that runs the site).  Contrapositively,
> > SkunkWeb is not suited to the environment where the site authors may
> > be hostile.
> 
>    Well said!

>            Programmers don't die, they just GOSUB without RETURN.

Should insert BASIC before "Programmers" :).

BTW: on a totally side thing: can Zope do virtual hosting?

Drew
-- 
print(lambda(m,d,y):['Sun','Mon','Tues','Wednes','Thurs','Fri','Satur'
][(lambda(m,d,y):(23*m/9+d+4+y/4-y/100+y/400)%7)(m<3and(m,d+y,y-1)or(
m,d+(y-2),y))])(map(int,raw_input('mm/dd/yyyy>').split('/')))+'day'




More information about the Python-list mailing list