nooron-0.1.x

This page has been superseded by 0.2.x available here

Downloads

• nooron-0.1.2.tgz
• nooron-0.1.1.tgz
• nooron-0.1.0.tgz

Security Warning:

THIS IS ALPHA CODE.

The Nooron Page Templates (for versions < nooron-0.1.2) have a major security hole in them. I would NOT recommend running this other than behind a firewall on a LAN where you trust everybody. The security issue is that (as intended) arbitrary ZPT documents can be called into a Nooron instance using the ?with_template=http://random.url technique. The unfortunate part is that the Python code in these ZPT documents does not yet run in a restricted environment. To be utterly clear, this means that for the moment, anyone who wants to can load any python code they want into a Nooron instance and execute it. Fixed in 0.1.2!

Another issue is that Nooron does not yet know how to use a web proxy. This means that if you run your Nooron behind a firewall, any knowledge or templates (or any other webpages accessible to you only behind your firewall) can be accessed by your Nooron instance. This is a vulnerability if you punch a hole in your firewall so outside users can use the Nooron. If so, they can also use Nooron to peek around at whatever urls they can figure out behind your firewall using the with_template 'feature'. This is not an issue that affects everyone, and this might require some trickiness, so I am not sure when this issue will be resolved. Still a problem in 0.1.2...

New in 0.1.1

• per-class templates
• nooron_app architecture working (first cut)
• demo web_log app has per-class templates (but no npt_for_app_front)
• remote template loading working
• remote knowledge loading working

What 0.1.0 does:

• uses medusa so it is a standalone, long-running web server
• uses GWTK (GooseWorks) as a knowledge management facility
• uses Zope Page Templates (ZPT) as a templating mechanism
• hosts multiple topicmaps simultaneously (using GWApp.py, a mutation of GWSAM.py)
• currently serves three kinds of information:

         /know        - the knowledge in that instance of Nooron
         /topicmaps  - the separate topicmaps in that instance
         /templates  - the NooronPageTemplates in that instance          
         /code       - the Python code which constitutes that instance      
  

What it is currently good for:

• It can publish knowledge in one or more topicmaps through NooronPageTemplates (basically just ZPT, at the moment.)
• Provides starting points for various templates:
  • /templates/standard_master (the 'skin' of the site)
  • /templates/topicmap_as_html (the default way to present a topicmap itself)
  • /templates/topic_as_html (the default way to present a topic)
• It offers no editing features at the moment and should be quite secure.

See NooronRoadmap for an indication of what the capabilities of various upcoming versions of Nooron will be.