IRC log of #zope3-dev for Tuesday, 2009-08-25

*** hath|away is now known as hathawsh00:00
*** drudi has joined #zope3-dev00:01
*** hathawsh is now known as hath|away00:11
*** tisto has quit IRC00:12
*** dunny has joined #zope3-dev00:13
*** hath|away is now known as hathawsh00:19
*** aaronv has quit IRC00:26
*** hexsprite has joined #zope3-dev00:37
*** gary_poster has quit IRC00:40
*** afd_ has quit IRC00:41
*** redir has quit IRC00:42
*** mcdonc has quit IRC00:42
*** benji has quit IRC00:47
*** J1m has quit IRC00:49
*** fcorrea has quit IRC00:51
*** nyo has joined #zope3-dev00:54
*** trollfot has joined #zope3-dev00:54
trollfotHi folks00:54
*** gary_poster has joined #zope3-dev00:55
trollfotI have my signed commiter agreement, though the email address for posting it seems unexistant. Where should I send it to ? :)00:55
*** jamur2 has quit IRC01:00
*** gary_poster has quit IRC01:09
*** aaronv has joined #zope3-dev01:16
*** aaronv has quit IRC01:17
*** aaronv has joined #zope3-dev01:18
*** aaronv_ has joined #zope3-dev01:20
*** drudi has quit IRC01:20
*** srichter has quit IRC01:22
*** aaronv_ has quit IRC01:22
*** aaronv_ has joined #zope3-dev01:22
*** aaronv has quit IRC01:23
*** aaronv_ is now known as aaronv01:23
nyowtf, I can't send messages to zope-dev mailing lists01:23
*** danfairs_ has quit IRC01:28
*** danfairs_ has joined #zope3-dev01:28
*** nyo has quit IRC01:29
*** nyo has joined #zope3-dev01:30
nyowho's the mailing list admin? :-)01:33
*** aaronv has quit IRC01:33
*** aaronv_ has joined #zope3-dev01:34
*** aaronv_ is now known as aaronv01:34
*** aaronv_ has joined #zope3-dev01:36
*** aaronv__ has joined #zope3-dev01:38
*** aaronv has quit IRC01:38
*** aaronv__ is now known as aaronv01:38
nyoWhen I try to send any message to any zope mailing lists (tried zope-dev and zope-web), I get permanent delivery failure (CIDR not allowed: (state 14)) :(01:41
*** aaronv_ has quit IRC01:42
*** aaronv has quit IRC01:43
*** aaronv has joined #zope3-dev02:11
*** danfairs_ has quit IRC02:12
*** hathawsh is now known as hath|away02:14
*** brandon_rhodes has quit IRC02:19
*** hath|away is now known as hathawsh02:23
*** dunny has quit IRC02:29
*** redir has joined #zope3-dev02:39
*** junkafarian has quit IRC03:01
*** trollfot has quit IRC03:12
*** hathawsh is now known as hath|away03:15
*** dunny has joined #zope3-dev03:54
*** mcdonc has joined #zope3-dev03:56
*** srichter has joined #zope3-dev04:08
*** ChanServ sets mode: +o srichter04:08
*** brandon_rhodes has joined #zope3-dev04:11
*** nyo has left #zope3-dev04:23
*** davisagli has left #zope3-dev04:42
*** davisagli has joined #zope3-dev04:42
*** davisagli has quit IRC04:46
*** sunoano has quit IRC04:49
*** davisagli has joined #zope3-dev04:52
*** sunoano has joined #zope3-dev04:52
*** pcardune has quit IRC04:52
*** aaronv has quit IRC05:08
*** pcardune has joined #zope3-dev05:10
*** matthal has quit IRC05:16
*** brandon_rhodes has quit IRC05:32
*** pcardune has quit IRC05:42
*** jhauser_ has joined #zope3-dev05:46
*** hexsprite has quit IRC05:52
*** jhauser has quit IRC06:02
*** jhauser_ is now known as jhauser06:02
*** baijum has joined #zope3-dev06:21
*** jhauser has quit IRC06:43
*** danfairs has joined #zope3-dev06:48
*** matthal has joined #zope3-dev06:53
*** baijum has quit IRC07:20
*** afd_ has joined #zope3-dev07:26
*** jfkw has quit IRC07:31
*** pcardune has joined #zope3-dev07:50
*** matthal has quit IRC08:03
*** baijum has joined #zope3-dev08:14
*** pcardune has quit IRC08:15
*** stub has joined #zope3-dev08:19
*** JaRoel|4D has joined #zope3-dev08:31
*** redir has quit IRC08:51
*** jukart has joined #zope3-dev08:52
*** alecm has quit IRC08:58
*** __mac__ has joined #zope3-dev09:07
*** dbfrombrc has joined #zope3-dev09:08
*** zagy has joined #zope3-dev09:11
*** dbfrombrc has quit IRC09:16
*** povbot has joined #zope3-dev09:21
*** reinout has joined #zope3-dev09:22
*** El_Rolando has joined #zope3-dev09:33
*** hath|away is now known as hathawsh09:39
*** davisagli has left #zope3-dev09:44
*** sweh has joined #zope3-dev09:46
*** alga has joined #zope3-dev10:12
*** El_Rolando has quit IRC10:13
*** JaRoel|4D has quit IRC10:21
*** markusleist has quit IRC10:23
*** jpcw has joined #zope3-dev10:24
*** malthe has joined #zope3-dev10:26
*** afd_ has quit IRC10:26
*** markusleist has joined #zope3-dev10:29
*** goschtl has joined #zope3-dev10:29
*** markusleist has quit IRC10:34
*** afd__ has joined #zope3-dev10:47
*** multani has joined #zope3-dev10:48
*** tisto has joined #zope3-dev10:55
*** JaRoel|4D has joined #zope3-dev11:15
*** danfairs has quit IRC11:16
*** matthal has joined #zope3-dev11:32
*** hathawsh is now known as hath|away11:36
*** tarek_ has joined #zope3-dev11:40
*** hath|away is now known as hathawsh11:42
*** matthal has quit IRC11:43
*** junkafarian has joined #zope3-dev11:48
*** markusleist has joined #zope3-dev11:52
*** hathawsh is now known as hath|away11:53
*** MJ has joined #zope3-dev12:02
*** malthe is now known as malthe|away12:40
*** sunoano has quit IRC12:51
*** menesis has joined #zope3-dev12:52
*** sunoano has joined #zope3-dev12:53
*** ignas has joined #zope3-dev13:07
*** menesis has quit IRC13:07
*** menesis has joined #zope3-dev13:07
*** stub has quit IRC13:08
*** alga has quit IRC13:36
*** reinout_ has joined #zope3-dev13:41
*** reinout has quit IRC13:41
*** nyo has joined #zope3-dev13:42
*** reinout_ is now known as reinout13:42
*** nyo has quit IRC13:48
*** MJ is now known as MJ|lunch13:56
*** nyo has joined #zope3-dev13:56
*** aaronv has joined #zope3-dev14:00
*** allisterb has quit IRC14:09
*** MJ|lunch is now known as MJ14:27
*** Aiste has joined #zope3-dev14:42
*** mgedmin has joined #zope3-dev14:43
*** alga has joined #zope3-dev14:48
*** hazmat has quit IRC14:52
*** benji has joined #zope3-dev14:55
*** agroszer has joined #zope3-dev15:06
*** agroszer has quit IRC15:17
*** agroszer has joined #zope3-dev15:18
*** projekt01 has joined #zope3-dev15:40
*** drudi has joined #zope3-dev15:41
*** ARiKA has joined #Zope3-Dev15:47
*** fcorrea has joined #zope3-dev15:49
*** redir has joined #zope3-dev15:51
*** fcorrea_ has joined #zope3-dev16:00
*** jamur2 has joined #zope3-dev16:02
*** gary_poster has joined #zope3-dev16:02
*** J1m has joined #zope3-dev16:05
*** fcorrea has quit IRC16:17
*** redir has quit IRC16:18
*** yvl has quit IRC16:24
*** baijum has quit IRC16:25
*** shentonfreude has joined #zope3-dev16:28
*** goschtl has left #zope3-dev16:33
nyoAnybody wants check out the refactoring results? It's in Sandbox/nadako/ folder in svn.16:33
*** DrogoNevets has joined #zope3-dev16:39
DrogoNevetshi all, i am wanting to limit how many times users can login at once, how do i do this?16:39
*** jhauser has joined #zope3-dev16:40
*** faassen has joined #zope3-dev16:41
benjiDrogoNevets: I don't know of an out-of-the-box way16:42
DrogoNevetsbenji: what about a walkthrough? We have our own PAU we've written authenticationg against a RDB so we can add something to that?16:43
benjisounds like it might be tricky too -- will sessions expire after a while? will a user be able to expire other sessions that pushed them over the limit? etc.16:43
DrogoNevetswe thought of doing it via session too, but it is going to be running on multiple instances so the sessionw ould have to be the the same across the board16:44
*** baijum has joined #zope3-dev16:45
nyofaassen: hey there. do you have time to check out refactored as a steering group dude?16:47
benjihow secure does it have to be?  I suspect you'll have to rely on cookies to identify the browser.  Then if a request is made without an identifying token, and handing out a new one would push the user over their login limit you'd display an error instead16:48
*** lurkymclurkleton has joined #zope3-dev16:49
DrogoNevetsneeds to be a touch more than that unfortunatly16:50
DrogoNevetsbut that was a good idea16:50
benji"more"?  more what?16:51
DrogoNevetsmore secure16:51
benjiIf the token is reasonably time-limited, the only attack I can see would be if the user copied the cookie value to a different machine; is that an attack you're concerned about?16:52
DrogoNevetsthats not no (i assume) - but we need to ensure the user "bob" can login on comp a but not comp b if he is still logged in on comp a, but if her logs out on comp a he can log in on comp b16:54
DrogoNevetsdoes that make sense?16:54
faassennyo: yeah, I want to catch up on the mailing list. I've been slow in checking it and then last week lots of personal stuff happened, but I'll catch up later this week.16:55
benjiI think so.  It sounds to me like the token-based approach plus keeping up with whether or not there is an outstanding token (login) would work.16:56
DrogoNevetscould you explain it a little more for me then please, not sure i understand?16:56
*** __mac__ has quit IRC16:57
benjiWhen a request comes in you'd check to see if they have a non-expired token, if so, let them perform the request.  If not, check to see if that user has already had a token granted, if not, give them one and let the request happen.  If they have already been issued a token, but didn't present it in the current request, give them a message that says that they have to log out (or wait for the token to expire in X minutes).16:58
benjiYou'd also need a log-out function that would clear the token and set the log-in count to 0.16:58
benjifor a small increase in security you could check not only that the user's token is valid, but that it was the most recently issued token (so they can't re-use tokens for the few minutes they remain valid)16:59
benjiplus you'd also have to add a step so that when the user presents an expired token but correct credentials you issue them a new token17:00
benjiand now that I think of it the "small increase in security" bit is actually required17:01
benjithere are likely corner cases I haven't considered17:01
benjiI'm just making this up off the top of my head :)17:02
DrogoNevetsthats fine, we're disscussing it now17:02
projekt01DrogoNevets, theres a simpler solution, just clear all existing tokens if a user will access the site, this will invalidate other open browser logins17:06
benjithe tokens are stored in browser cookies, how would one clear a cookie stored in a browser not currently making a request?17:07
projekt01clear the session token17:08
*** sweh has quit IRC17:08
*** zagy has quit IRC17:09
projekt01but, what about with browsers opening more then one tab?17:09
benjiDrogoNevets said that they don't have a common session store between processes, so -- if I'm understanding him correctly -- they don't have a way to do that17:10
projekt01I guess it's not possible at all with tabed browsers, beause they share the http cokies between tabs17:10
benjiI suspect they want to avoid users paying for one account and sharing it amongst many people, so tabs wouldn't be a worry.17:11
projekt01probably a ticket sysstem could work, but this means you have to use a ticket in each request/post/url etc.17:11
projekt01yup, whould be good to know what's the real requirements17:12
*** baijum has quit IRC17:13
DrogoNevetsbenji, your right, its an anti accoutn sharing thing the customer wants (as well as security)17:13
projekt01DrogoNevets, another solution could be to implement a session string, after login set this session string as a traverse part e.g. server/sessinID/app17:15
projekt01make sure you issue a new session string after each login end remove the old one per user17:15
benjiI suppose your customer isn't worried about users setting up an HTTP proxy that would let them share a single account.17:16
projekt01this whould invalidate access to users after the logged in with a new browser17:16
projekt01even tabed browser could work with such a url pattern17:16
DrogoNevetstabs arent too much an issue, in fact i would say they have to be able to work, but issue with session string there are 5 servers so potentially 5 different sessions17:17
benjiunless a user copies the URL from one tab to another, then they would have two tabs using the same account17:17
projekt01share the sesisson with memcache could solve the problem17:18
benjiyep (as long as they aren't worried about the users copying the client ID cookie between browsers)17:19
projekt01benji, yes your right17:19
*** dbfrombrc has joined #zope3-dev17:20
DrogoNevetsprojekt01: how can we share the session?17:20
projekt01thre is a lovely.memcache package, thsi could be installed as a replacement for the zope session17:21
*** nyo has quit IRC17:21
projekt01then the single memcache server will act as a session share17:22
benjiif the session is stored in ZODB, you can use ZEO so many web servers can connect to the same DB17:22
benjior, since you already have a relational DB, you can put the session data there17:22
DrogoNevetsbenji, yes we would be using zeo17:22
projekt01yes, true17:22
*** nyo has joined #zope3-dev17:23
projekt01benji, are the session data shared asap or by the time given from a setting in the session container data?17:24
benjiZEO will send out an invalidation message to all clients immediately, so all clients should see consistent session data17:25
projekt01benji, I mean with shared with all ZEO clients17:26
projekt01if the session data are not shared asap, it depends probably on which session persistent pattern your load balancer is using17:26
benjiI don't think I understand the question.  Since the session data are persistent objects, if a change to them is commited to the ZODB, all ZEO clients will be immediately be told to discard the old version of the session data.17:27
*** redir_ has joined #zope3-dev17:27
projekt01I think the session data container write session data to the ZODB only periodicaly, or not?17:28
*** srichter has quit IRC17:29
projekt01otherwise we whould not need a session, we could use the principal annotation for store objects or properties???17:29
*** faassen has quit IRC17:31
projekt01benji, is there a difference in write data to ZODB and update objects in ZEO instances?17:32
*** projekt01 has quit IRC17:35
*** lamike has joined #zope3-dev17:37
benjiright, sessions are only checked to see if they have expired every so often, but if a user writes data to a session or explicitly removes it that change is seen by all clients immediately17:38
* benji needs to concentrate on some work stuff now. Good luck DrogoNevets.17:38
*** nathany has joined #zope3-dev17:42
*** hexsprite has joined #zope3-dev17:43
*** davisagli has joined #zope3-dev17:54
*** reinout has quit IRC18:00
*** davisagli has quit IRC18:08
*** jukart has quit IRC18:08
*** afd__ has quit IRC18:20
*** faassen has joined #zope3-dev18:31
*** JaRoel|4D has quit IRC18:35
*** hexsprite__ has joined #zope3-dev18:40
*** pcardune has joined #zope3-dev18:44
*** hexsprite has quit IRC18:46
*** Aiste has quit IRC18:47
*** davisagli has joined #zope3-dev18:50
*** afd__ has joined #zope3-dev18:55
*** runyaga__ has quit IRC19:02
*** hexsprite__ has quit IRC19:03
*** hath|away is now known as hathawsh19:04
*** hexsprite has joined #zope3-dev19:04
*** MJ has quit IRC19:05
*** menesis has quit IRC19:25
*** markusleist has quit IRC19:26
*** jpcw has quit IRC19:32
*** redir_ has quit IRC19:40
*** nyo has quit IRC19:41
*** alga has quit IRC19:42
*** redir_ has joined #zope3-dev19:42
*** pcardune has quit IRC19:43
*** nyo has joined #zope3-dev19:45
*** jpcw has joined #zope3-dev19:54
*** hathawsh is now known as hath|away20:00
*** srichter has joined #zope3-dev20:04
*** ChanServ sets mode: +o srichter20:04
*** alecm has joined #zope3-dev20:07
*** hath|away is now known as hathawsh20:10
*** nyo has quit IRC20:14
*** jukart has joined #zope3-dev20:17
*** junkafarian_ has joined #zope3-dev20:18
*** fcorrea has joined #zope3-dev20:19
*** afd__ has quit IRC20:20
*** alga has joined #zope3-dev20:21
*** junkafarian has quit IRC20:23
*** junkafarian_ is now known as junkafarian20:23
*** jfkw has joined #zope3-dev20:27
*** redir_ has quit IRC20:27
*** jukart_ has joined #zope3-dev20:30
*** fcorrea_ has quit IRC20:32
*** pcardune has joined #zope3-dev20:35
*** fcorrea_ has joined #zope3-dev20:36
*** junkafarian has quit IRC20:36
*** jukart has quit IRC20:37
*** jukart_ is now known as jukart20:37
*** fcorrea has quit IRC20:39
*** sunoano has quit IRC20:40
*** gary_poster is now known as gary-lunch20:41
*** DrogoNevets has quit IRC20:48
*** sunoano has joined #zope3-dev20:54
*** nyo has joined #zope3-dev21:07
*** brandon_rhodes has joined #zope3-dev21:10
*** mgedmin has quit IRC21:10
*** zagy has joined #zope3-dev21:11
*** elro has joined #zope3-dev21:17
*** markusleist has joined #zope3-dev21:19
*** gary-lunch is now known as gary_poster21:21
elroIs there a way to supply build arguments when using zc.recipe.egg:custom? I'd like to build lxml with `python bdist_egg --static-deps`21:22
*** redir_ has joined #zope3-dev21:24
*** agroszer has quit IRC21:25
*** redir_ has quit IRC21:29
*** jukart has quit IRC21:35
*** faassen has quit IRC21:51
*** matthal has joined #zope3-dev21:54
*** redir has joined #zope3-dev21:54
*** hathawsh has quit IRC22:01
*** drudi has quit IRC22:01
*** tarek_ has quit IRC22:03
*** tarek_ has joined #zope3-dev22:04
*** __mac__ has joined #zope3-dev22:10
*** drudi has joined #zope3-dev22:15
*** shentonfreude_ has joined #zope3-dev22:16
*** fcorrea_ has quit IRC22:18
*** shentonfreude has quit IRC22:19
*** davisagli is now known as davi|lunch22:28
*** matthal has quit IRC22:37
*** shentonfreude_ has quit IRC22:37
*** zagy has quit IRC22:47
*** davi|lunch is now known as davisagli22:48
*** __mac__ has quit IRC22:48
*** zagy has joined #zope3-dev22:49
*** zagy has quit IRC22:50
*** __mac__ has joined #zope3-dev22:50
*** tarek_ has quit IRC22:50
*** __mac__ has quit IRC22:51
*** malthe|away is now known as malthe23:02
*** ARiKA has quit IRC23:10
*** ARiKA has joined #Zope3-Dev23:11
*** fcorrea has joined #zope3-dev23:13
*** pcardune has quit IRC23:29
*** ARiKA has quit IRC23:29
*** tisto has quit IRC23:33
*** allisterb has joined #zope3-dev23:47

Generated by 2.15.1 by Marius Gedminas - find it at!