Greg Ward wrote: > > On 12 November 2001, Jeff Rush said: > > I did this for > > Zope (I'm the Zope RPM maintainer) and now you can get RPMs for > > Quixote at: > > > > http://www.taupro.com/static/RPMs/ > > Cool. I'll add a link to the main Quixote page. Just which RPM-based > distribution is this for, anyways? For Red Hat 7.1 > > After wrestling with Zope for years > > Wow, you must be a very patient man. We struggled with Zope for four or > five months before we know that it was Just Wrong. Some parts of Zope are quite nice and make life easier but others are frustrating. After working with Quixote for a day, I'm finding I have a lot of questions about basic support infrastructure that I took for granted in Zope. * Quixote doesn't seem to put in BASE_URL directives in generated html output, making it a bit clumsy to construct relative URLs. * I'm looking for the equivalent of url_quote and html_quote to wrap strings in python-generated output. * I'm looking for how to require a basic auth login on selected pages -- need to do something re request.response.set_status(...) and check for http header auth fields. I need Zope's userID framework on top of which to build security features. * what are form tokens in session objects? * need the equivalent offor debugging. * not sure of correct way to handle URLs with '.' in them, as in programmatically generated .gif responses. Looks like it requires _q_name() ? * I miss a whole set of URL path manipulation functions, although I think I can get by with os.path.XXX in most cases. Mostly I just need a 'parent' or 'container' request attribute. * any better way of inserting ?x=1&y=2 style values than: """testing %(x)s and %(y)s""" \ % { 'x': request.form['x'], 'y': request.form['y'] } This is where the namespace searching of Zope re attrs, form and environ variables was nice. Some of these are just novice issues and for others, I can write/wrap solutions but I thought I'd check if anyone else has solutions first. > > I'm hoping to dump Solid and Fnorb for ZEO/ZODB instead, with the > > business logic residing in a separate namespace, as discussed > > last month on this mailing list. > > Hey wow, we used to use Solid too. SQL sucks, eh? SQL, and Fnorb/CORBA, both require you to rigidly predeclare your types/interfaces, and while I understand the benefits of such, it makes an impedance mismatch with python's more free form way. Switching to ZODB will improve rapid developing. > One major thing you need to remember about ZEO is that security is > entirely up to you (ie. your firewall and/or which interface(s) ZEO > binds to). Once someone is talking to the ZEO socket, they have > complete, total, and unhindered access to your database. OK, SQL > doesn't *completely* suck. ;-) Yeah, that affects the architecture, but in my case, ZEO is binding to a unix socket and the apache/quixote process is on the same host. I just need ZEO to allow nonweb tools to access the ZODB at the same time pages are being served - email-API queries and cron maint tasks. > Feel free to ask for advice on how to write a Quixote app on top of > ZODB/ZEO. That's what we do for a living. It works pretty well. At the moment I'm wondering the best way to hook it in. I've subclassed SessionPublisher into a ZODBSessionPublisher, to begin/commit_transactions in ZODB, but now I'm wondering if I would have been better to subclass SessionManager instead. My approach works, but any advice? Quixote could use a sample app showing that, catching certain http responses and rolling back ZODB. > Oh, be sure to ask for our zeod script -- Andrew and Neil have fixed > many bogosities; I don't know how many have gotten back into ZC's CVS. I'd like to see that -- I packaged ZEO as an RPM yesterday as well, and wrote the /etc/init.d/zeo-style scripts to make mgmt easier as well as set the correct file perms on logs, databases, etc. etc. for a more seamless install. The ZEO tarball doesn't tell all you need to know for a quick/secure installation. -Jeff Rush