dynamic wiki content (Re: FrontPage and AllPages)
Bob McElrath
bob+ubuntu-doc at mcelrath.org
Wed Nov 17 20:18:09 UTC 2004
> For example, have a folder inside a wiki called "scripts". From a
> wiki page, you can use some syntax to call one of these scripts, but
> no other scripts.
This is exactly what Zope/DTML does. One adds python scripts as
"external methods" in the ZODB. These are then available (subject to
Zope access controls) to both DTML and anyone who can issue an HTTP GET.
Therefore, for the example of deleting all pages on the wiki, one can do
this with a simple script like (bash) ::
for page in FrontPage PageOne PageTwo; do
wget http://wiki.site/$page/delete
done
Thus, DTML does not open up any more security holes than are already
present. (Subject to access controls, of course)
One cannot do anything with DTML that is not already exposed as an
externally available method from the python code. (e.g. one could
simply use HTTP GET to run that python method anyway)
So I think the discussion of adding special syntax to run special python
methods is unnecessary. That is *exactly* what DTML is.
--
Cheers,
Bob McElrath [Univ. of California at Davis, Department of Physics]
"It's not the people who vote that count. It's the people who count the
votes." -- Joseph Stalin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-doc/attachments/20041117/f418dbfb/attachment.pgp>
More information about the ubuntu-doc
mailing list