default configuration exposes template code and paths

Bug #98256 reported by Steve Alexander
Affects: Zope 3
Status: Fix Released
Importance: Medium
Assigned to: Christian Theune
Milestone: (not set)

Bug Description

The default configuration of Zope 3 has the very convenient feature that you can include a URL path step like /++debug++source/ to see comments in the page template source of the absolute paths of the templates on the filesystem, and /++debug++tal/ to see the source to the page template in comments in the rendered page template.

This debugging aid is enabled by default, and it isn't obvious how to turn it off. I expect most Zope 3 sites in production have this feature enabled. This is a marginal security risk on all systems (exposure of filesystem paths), and a security and confidentiality issue for non-open-source applications (exposure of page template source to the public that you didn't think would be exposed).

What should happen is that this feature should be disabled by default, and should be enabled only if someone explicitly turns it on.

A workaround is to put your Zope server behind something like Apache, and disallow requests with a URL that include the offending path steps.

Tags: core issue
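The workaround in the report, refusing any request whose URL contains a `++debug++` path step, is shown here as a small Python WSGI filter rather than an Apache rule. This is an added example and not code from Zope or from the bug's participants; the application behind it (`_demo_app`), the `DebugNamespaceGuard` class and the sample paths are constructed for illustration, and developer mode is modelled as a plain flag that defaults to off, which is the behaviour the report asks for.

```python
# Added example, not Zope's own code: a WSGI filter implementing the
# "disallow requests whose URL includes the offending path steps" workaround
# from the report in Python instead of Apache. Assumptions: the guarded app
# is any WSGI callable; developer mode is passed in as a plain flag.
import logging
import re
from urllib.parse import unquote

log = logging.getLogger("debug_namespace_guard")

# Zope namespace steps look like "++ns++name"; the report names
# ++debug++source and ++debug++tal. Match any ++debug++ step whatever
# follows it, so other debug options are covered as well.
_DEBUG_STEP = re.compile(r"^\+\+debug\+\+", re.IGNORECASE)


def _fully_decoded(path, rounds=3):
    """Percent-decode until the string stops changing (bounded), so that an
    encoded or double-encoded '%2B%2Bdebug%2B%2B' cannot slip past a filter
    that only looks for the literal text. Over-decoding only makes the
    filter stricter, which is the safe direction for a deny rule."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def has_debug_step(path):
    """True if any segment of the request path is a ++debug++ namespace step."""
    return any(_DEBUG_STEP.match(segment)
               for segment in _fully_decoded(path).split("/"))


class DebugNamespaceGuard:
    """WSGI middleware that refuses ++debug++ traversal unless developer mode
    is explicitly on. The default is off: the debugging aid must be switched
    on deliberately, as the report requests."""

    def __init__(self, app, devmode=False):
        self.app = app
        self.devmode = devmode
        if devmode:
            # Make an enabled developer mode impossible to overlook in the logs.
            log.warning("developer mode is ON: ++debug++ exposes template "
                        "source and filesystem paths; do not run production this way")

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        if not self.devmode and has_debug_step(path):
            log.info("refused ++debug++ request: %s", path)
            # Answer 404 rather than 403 so the response does not confirm
            # that the namespace exists on this server.
            body = b"Not Found"
            start_response("404 Not Found", [("Content-Type", "text/plain"),
                                             ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)


def _demo_app(environ, start_response):
    """Constructed stand-in for the Zope application: renders whatever is asked for."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"rendered " + environ.get("PATH_INFO", "").encode()]


def request_status(app, path):
    """Drive a WSGI app with a minimal constructed environ; return the status line."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status
        return lambda data: None

    list(app({"REQUEST_METHOD": "GET", "PATH_INFO": path}, start_response))
    return captured["status"]


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    guarded = DebugNamespaceGuard(_demo_app)  # developer mode off by default
    for p in ("/index.html", "/++debug++source/index.html",
              "/%2B%2Bdebug%2B%2Btal/index.html", "/++skin++Rotterdam/index.html"):
        print(p, "->", request_status(guarded, p))
```

The filter decodes the path before matching so that a percent-encoded step is caught as well as the literal one, and it only looks at whole path segments, so an unrelated segment such as `++skin++Rotterdam` or a page literally named `debug` passes through untouched.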
Philipp von Weitershausen (philikon) wrote :

The ++debug++ namespace traverser is registered in zope.app.traversing/configure.zcml (last directive). I propose to add zcml:condition="have developer-mode" to this directive to prevent it from being loaded when developer mode is turned off. That should be the case for all production sites, really.
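As an added illustration of the gating proposed above, not the actual contents of zope.app.traversing/configure.zcml: a ZCML directive can carry a `zcml:condition`, and the loader skips the directive when the named feature has not been provided, so the namespace is never registered on an instance without it. The `<adapter>` directive below is a hypothetical stand-in for the real ++debug++ traverser registration, and the feature name `devmode` is the one later comments in this thread use (the proposal above spells it `developer-mode`).

```xml
<configure xmlns="http://namespaces.zope.org/zope"
           xmlns:zcml="http://namespaces.zope.org/zcml">

  <!-- Hypothetical stand-in for the ++debug++ traverser registration.
       With zcml:condition the whole directive is skipped unless the
       "devmode" feature was provided, so the namespace is not reachable
       at all on an instance running without developer mode. -->
  <adapter
      name="debug"
      for="*"
      provides="zope.traversing.interfaces.ITraversable"
      factory=".namespace.debug"
      zcml:condition="have devmode"
      />

</configure>
```

The check a deployer would want is simply to request a `/++debug++source/` URL against a production instance and confirm it fails to traverse; with the directive skipped, there is no registration for the namespace to resolve.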

Christian Theune (ctheune) wrote :

+1 for philikon's suggestion.

Florent Guillaume (efge) wrote :

+1

Christian Theune (ctheune) wrote :

Status: Pending => Accepted

Supporters added: ctheune

Binding it to developer mode as suggested ...

Christian Theune (ctheune) wrote :

I'm checking in the fix for 3.2, 3.3 and trunk. However, I don't see a reasonable way to test this. :(

Therefore I will not close this issue. If somebody could give me a hint on how to test this, I'd do it.

We might want to go for a disclosure now. I have not added a changelog entry though. The *default* configuration still exposes the template code. Switching off the devmode disables access to the ++debug++ namespace.

Comments?

Steve Alexander (stevea) wrote :

From the previous comment, I take it that Zope 3 is in development mode by default.

I think this is a mistake. It reflects an assumption that Zope 3 is mostly used to develop software and rarely used to deploy software. This might be true *today*, but surely it isn't something we want to be true long-term!

The principal use of Zope 3 libraries should be to develop new applications. Which is fine, because that's just the libraries, and development mode has no bearing on that.

The principal use of Zope 3 instances should be for people to install already-written applications and simply run them. That's what the main use of PHP is. So, Zope 3 should ship with development mode disabled by default. The rare Zope 3 user who is a developer will follow the documentation and enable development mode. Just like PHP.

Yeah, I know it doesn't reflect the Zope 3 userbase now, but if we want Zope 3 to be widely adopted and used as a base for cool pre-written software, we need to start thinking this way.

Christian Theune (ctheune) wrote :

> = Comment - Entry #7 by stevea on Jun 19, 2006 1:57 am
>
> From the previous comment, I take it that Zope 3 is in development mode
> by default.

That's right.

> I think this is a mistake. It reflects an assumption that Zope 3 is
> mostly used to develop software and rarely used to deploy software. This
> might be true *today*, but surely it isn't something we want to be true
> long-term!

Notice that Zope 2 ships with "debug mode" *off* by default. I think we should adopt the same strategy here.

> The principal use of Zope 3 libraries should be to develop new
> applications. Which is fine, because that's just the libraries, and
> development mode has no bearing on that.
>
> The principal use of Zope 3 instances should be for people to install
> already-written applications and simply run them. That's what the main use
> of PHP is. So, Zope 3 should ship with development mode disabled by
> default. The rare Zope 3 user who is a developer will follow the
> documentation and enable development mode. Just like PHP.

Yepp.

> Yeah, I know it doesn't reflect the Zope 3 userbase now, but if we want
> Zope 3 to be widely adopted and used as a base for cool pre-written
> software, we need to start thinking this way.

I'm totally with you. Maybe we should carry this to the mailing list and get a general consensus on this topic. Making the actual switch is easy. :)

Christian Theune (ctheune) wrote :

I discussed this with Jim and he agrees that this does not need to be confidential.

Two things that we came up with:

a) disable developer mode by default

b) log a warning when developer mode is turned on, maybe even put a red banner in the ZMI to say "You're in developer mode. Don't use this in production." (or similar)

Jim Fulton (jim-zope) wrote :

Changes: submitter email, edited transcript, security_related unset

Christian Theune (ctheune) wrote :

Status: Accepted => Resolved

I changed the defaults of the configuration schema and added a warning logged on startup, as discussed.

Fixed on 3.3 branch in revision 69553.
Fixed on trunk in revision 69554.

Michael Haubenwallner (d2m) wrote :

Well, this was not very helpful: my zope.conf is customized for a different port number, so I got no update on 'svn up'.
You would have spared me half an hour of searching if you had just added:

- an entry in CHANGES.txt on the changed devmode default
- a better checkin message like
  "Make devmode be turned off by default."
  http://svn.zope.org/Zope3/trunk/zope.conf.in?rev=69554&view=rev

Btw, /++help++/ should not hold a link to 'API Docs' with devmode off, to avoid traversal errors -- or maybe access to ++apidoc++ could produce a descriptive message instead of an error?

Baiju Muthukadan (baijum) wrote :

So let me commit this to avoid confusion:
http://paste.plone.org/10291

Baiju Muthukadan (baijum) wrote :

Doc fix is committed in r69586, 69587/69588.

Christian Theune (ctheune) wrote :

For the record: The ChangeLog includes a message about this.

About the change in the UI: I don't like adding fine print like this to the UI, as it tends to clutter it up. There should be a better way to communicate this. It's not like the actual behaviour changed, just the default setting.

Baiju Muthukadan (baijum) wrote :

ctheune: what about adding a new method to z.a.applicationcontrol.interfaces.IRuntimeInfo,
say `isDevmodeOn()`, which will return True if `devmode` is on?
Based on this, show the link to `++apidoc++`.

Hmm... or is this more complex?

Christian Theune (ctheune) wrote :

This has other issues with the discoverability.

Here is an easy one: Keep the link active. Don't show the text. But based on the feature 'devmode' we put in a different registration for a page that says "This feature is disabled. To enable it, please enable developer mode for the Zope server."

Philipp von Weitershausen (philikon) wrote :

Status: Resolved => Accepted

+1 to ctheune's suggestion. I'm reopening this issue.

Benji York (benji) wrote :

-1 on the parenthetical note

Christian Theune (ctheune) wrote :

Status: Accepted => Resolved

Fixed on 3.3 branch and trunk.

The ++apidoc++ is now always available. If 'nodevmode' is set (i.e. developer mode is switched off), a message will be displayed that informs the user about apidoc's dependency on devmode.

Michael Haubenwallner (d2m) wrote :

Status: Resolved => Accepted

Uploaded: developermode.diff

Here is a patch that adds getDeveloperMode() to IRuntimeInfo, thus allowing the state of the current developer mode to be displayed under 'Runtime Information' (/++etc++process/index.html).

Philipp von Weitershausen (philikon) wrote :

I'm +1 on d2m's patch.

Philipp von Weitershausen (philikon) wrote :

d2m: Perhaps you can extend the application controller's (f)tests and include that in the patch. Then we can apply the patch right away.

Michael Haubenwallner (d2m) wrote :

Uploaded: developermodeandtest.diff

Extended the patch to pass the tests.

Christian Theune (ctheune) wrote :

Thanks Michael. I committed your patch to Zope 3.4.

Changed in zope3:
status: Confirmed → Fix Committed
Dan Korostelev (nadako) wrote :

The fix was released.

Changed in zope3:
status: Fix Committed → Fix Released