Benutzerspezifische Werkzeuge
Sie sind hier: Startseite Produkte Import File Uploader Documentation

Documentation

— abgelegt unter:

This document contains the documentation of the Import File Uploader Version 0.2.
It directs to ZOPE administrators for setting up the Import File Uploader and managing the access to the Import File Uploader.
How to use the Import File Uploader is described in the Help Document.


Content of this document:
0. Prefaces
1. Installing
2. How the Import File Uploader works internally
3. Managing users
4. Risks by using the Import File Uploader


0. Prefaces

  • Be sure you have read the entire document before you are going to install the Import File Uploader.
  • You should be familiar with basic ZOPE functionality.

1. Installing

The Import File Uploader comes within an archive (ImportUpLoader.zip) containing the following files:

  • copyright.html - the copyright and license information file
  • doc.html - this documentation file
  • help.html - the help file
  • history.html - the version history file
  • ImportUpLoader.py - python source file containing the external methods
  • ImportUpLoader.zexp - exported ZOPE objects containing the main part of the Import File Uploader
  • readme.txt - a file referencing the other information files

 

To install the Import File Uploader do the following steps:

  • Read the documentation (this document) carefully to its end.
  • Set up disk quotas for the import directory of your ZOPE installation (see 4. Risks by using the Import File Uploader).
  • Extract the file ImportUpLoader.py into the Extensions directory of your ZOPE installation.
  • Extract the file ImportUpLoader.zexp into the import directory of your ZOPE installation.
  • Enter your ZOPE manage interface at a folder you wish and import the ImportUpLoader.zexp file. - A folder named ImportUpLoader containing all objects of the Import File Uploader will be created.
  • Enter the ImportUpLoader/acl_users folder and manage the users as you wish.
  • If you like rename the folder ImportUpLoader as you wish.
  • Delete the file ImportUpLoader.zexp in the import directory of your ZOPE installation.
  • Start any browser addressing the Import File Uploader on your ZOPE server, log in and enjoy!

 

To uninstall the Import File Uploader do the following steps:

  • Delete the folder containing the Import File Uploader on your ZOPE server (if not renamed the folder ImportUpLoader).
  • Delete the file ImportUpLoader.py in the Extensions directory of your ZOPE installation.
  • Cleanup the import directory of your ZOPE installation (delete the files you don't like there).
  • If you set up special disk quotas for the import directory of your ZOPE installation during installation of the Import File Uploader: Check and reconsider your configuration.

 


2. How the Import File Uploader works internally

The following description shows only the main ideas. For further information: Use the force - read the source. I tried to keep it simple and added a lot of comments within the source code...

The Import File Uploader holds information about the files in the import directory of your ZOPE installation in a special folder FileDB. The id of the dtml documents there is equivalent to the file names. Some properties contain additional information like the ZOPE user uploaded the file, the upload time and the modification time. The content of the dtml documents is used as a comment for the file. Files not uploaded using the Import File Uploader have empty user information in the folder FileDB. An external method synchronizes the content of this folder.
Any information presented to the user is created out of the objects in the folder FileDB using the current username. So the user can only manipulate the files uploaded with the same username.
Any actions possible are programmed in a usual way. Read the source...


3. Managing users

The Import File Uploader is not available to Anonymous ZOPE users (due to modifications in the Security tab of the base folder of the Import File Uploader). All users have to be Authenticated ZOPE users.
The user management follows the standard ZOPE procedures within the acl_users folder in the base folder of the Import File Uploader. Ordinary users should have no special roles.
Be sure to delete or modify the initial installed user ImportTester. This user is included in the installation as an example. At least you should change the password!


4. Risks by using the Import File Uploader

The Import File Uploader violates some basic ZOPE security aspects due to the (restricted) access to the file system of your server. All the corresponding functionality gets installed with the ImportUpLoader.py file in the Extensions directory of your ZOPE installation. The Python methods there allow restricted access to the import directory of your ZOPE installation. If they don't do so it's a serious security risk (please send me an urgent email, if you discover such a bug: cdlfj@jagusch-online.de).
Even if its working all right there is a chance to wound your server: The Import File Uploader contains no restrictions for the amount of data uploaded. So someone (an unfit user or a hacker who cached an user account of the Import File Uploader) could run your disk out of space. You should prevent this by setting quotas for the import directory of your ZOPE installation.

The usage of the Import File Uploader is not waterproof. Due to the access to the file system with only one system user (the user account running ZOPE) the uploaded files for different Import File Uploader users cannot hided completely to each other. A file uploaded by one user can get imported into ZOPE by any ZOPE user having the Import/Export objects permission (usually included in the Manager role). So thing twice who should have access to the Import File Uploader. All these persons should be aware of this risk.

Further (ordinary) risks are described in the online Help.


© by Frank Jagusch

Artikelaktionen