[Zope-dev] Re: [Zope] insecure XML-RPC handling.

Dieter Maurer dieter@handshake.de
Sun, 7 Apr 2002 08:58:06 +0200


Rossen Raykov writes:
 > >
 > >   *  the immediate correspondence between the request and the
 > >      response containing essential information to analyse the problem
 > 
 > It's an application problem and the application has to handle it.
 > Log all the request/responses on the server or the client side.
It's a standard problem, I wish the framework provided a solution
(as it did up to now).
 > 
 > >
 > >   *  newbies
 > 
 > They have nothing to do in a production environment, do they?
I speak about debug mode!

It may or may not have something to do in a production environment.

 > >      Even with the stack trace immediately in the response, they
 > >      report problems with no or missing essential details about
 > >      the problem.
 > 
 > Then how can one help there?
We try our best.

  One of the most essential features is immediate feedback
  upon problems with easy access to the information that
  may help to analyse the problem.

 > ...
 > The point is that production differs from the development environment.
 > In the development environment one can do whatever he needs.
 > In a production environment reporting information such as physical paths on the
 > server, internal network addresses etc. is unacceptable.
I am with you to say that in "non-debug" mode, such information should
not be exposed.

However, I think that debug mode can even in a production environment
be necessary under some circumstances.
I do not need internal port information, network addresses or absolute
paths, but I may need other (more sensible) information about the
problem.

 > ....
 > 
 > The conclusion is to make the server not dump the stack in the response
 > if the -D option does not imply it.
Okay!

 > With -D dump the processor registers if you would like ;)
I won't ;-), it's not the adequate abstraction level.


Dieter
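
The behaviour this exchange converges on, as an added example that is not part of the original message and not Zope's own code: outside debug mode the XML-RPC fault carries only an incident id, while the full traceback is logged server-side under the same id, which keeps the request/response correspondence without exposing paths or addresses. The names `fault_response`, `call` and `read_config`, the logger name, the fault code and the sample path are assumptions made for illustration.

```python
import logging
import traceback
import uuid
import xmlrpc.client

log = logging.getLogger("xmlrpc.errors")  # assumed logger name


def fault_response(exc, debug=False):
    """Return (incident_id, xml) for an exception raised while serving a call.

    The full traceback always goes to the server log under incident_id.
    Only in debug mode (the thread's -D) is it also put into the response.
    """
    incident_id = uuid.uuid4().hex[:12]
    tb = "".join(traceback.format_exception(type(exc), exc, exc.__traceback__))
    log.error("incident %s\n%s", incident_id, tb)
    if debug:
        text = "incident %s\n%s" % (incident_id, tb)
    else:
        # No exception text, paths or addresses: only the correlation handle.
        text = "Internal error; quote incident %s to the administrator" % incident_id
    fault = xmlrpc.client.Fault(-1, text)  # fault code -1 is an arbitrary choice
    return incident_id, xmlrpc.client.dumps(fault, methodresponse=True)


def call(method, args, debug=False):
    """Hypothetical dispatcher wrapper: marshal the result, or a fault on error."""
    try:
        return None, xmlrpc.client.dumps((method(*args),), methodresponse=True)
    except Exception as exc:
        return fault_response(exc, debug)


def read_config(name):
    # Constructed failing method whose error message contains a server path.
    raise OSError("cannot open /srv/zope/var/%s" % name)


if __name__ == "__main__":
    for mode in (False, True):
        incident, xml = call(read_config, ("Data.fs",), debug=mode)
        print("debug=%s incident=%s\n%s" % (mode, incident, xml))
```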