
Dreamweaver + Zope SSL HowTo


The bad news

There is no shortage of "modern" WYSIWYG Web authoring tools such as Dreamweaver, GoLive, HomeSite and Namo. Several of these tools support WebDAV as well as ftp, but none of them support secure protocols such as SSL. (Well, one now does - HomeSite 5 supports ftp over SSL but this approach seems to be a bit of a minority sport.)

For larger organisations moving towards single sign-on (or at least single identity with password synchronisation) the absence of a secure mechanism for the transmission of passwords becomes a major issue. Remember that, because of the stateless nature of the Web, any authentication credentials are passed across the network for every page you visit - this provides repeated opportunities for passwords to be sniffed.

The good news

The issue has been raised in the Macromedia Online Forums but as yet there has been no response from the vendor. My hunch is that a year from now (this was written in March 2002) SSL support will be the norm.

Until then a workaround is required and this HowTo describes one approach using a third-party WebDAV client (such as TeamDrive or WebDrive) which supports SSL. In a perfect world you should be able to use Microsoft's WebFolders - whilst these work over SSL they seem broken in various ways which prevent their use by Dreamweaver et al. with Zope as the back-end server. (I expect WebFolders work swimmingly with IIS and FrontPage Extensions but, hey, if you want secure computing then that's not going to be your point of departure, is it?)

The recipe

  1. Set up ZServerSSL as described here and here. (Ioan's HowTo might look a bit daunting but if you want a quick fix just go to the end of his document and follow the bit commencing "If you want to install SSL on Zope 2.4.x, try this quick and dirty installation".) You should use Zope 2.4.3 - ZServerSSL is not yet available for Zope 2.5.x.

    [I'm sure you can front things with Apache but I haven't yet got my head round how you secure both the standard http port and the webdav_source_port. Perhaps someone can help me out in this regard?]

  2. Install WebDrive or TeamDrive on your client computer(s). If using WebDrive make sure you use V5.0 (earlier versions don't support SSL). Make a connection to the secure Zope server using the webdav_source_port. A drive such as Y: will be magically created on your machine. As far as I can see drive Y: will then behave like any other Windows drive - you can create folders, rename files, copy-and-paste (but see the Gotchas below), etc. Life is very, very good - this is Samba over the wide-area.

  3. Fire up Dreamweaver. Drag-and-drop files from drive Y: on to a new Untitled Document window (or navigate to drive Y: via File > Open). Edit away. Save. Job done - all securely!

Gotchas

Read the next bit because the above recipe almost certainly will not work without the following tweaks:

  1. TeamDrive will not work unless you amend the file zserver/medusa/asynchat.py on your server. On lines 59, 60 you will see:

    ac_in_buffer_size = 4096
    ac_out_buffer_size = 4096

    Increase the buffer sizes, for example:

    ac_in_buffer_size = 100000
    ac_out_buffer_size = 100000

    and things will now work. I'm not sure if WebDrive needs this too - my installation broke after about a week and my (client) machine started crashing horribly (BSOD) when WebDrive was in use over SSL. The buffer tweak seems to have coincided with the WebDrive over SSL problem going away. I haven't managed to reproduce this problem on other PCs though.

  2. You need to replace the default PUT_factory server side if you want things like Presentation Templates to survive molestation by Dreamweaver (GoLive is a much better citizen in this regard). Add the following as put_factory.py to your Extensions folder:

    from Products.PythonScripts.PythonScript import PythonScript
    from Products.PageTemplates.ZopePageTemplate import ZopePageTemplate
    from OFS.DTMLDocument import DTMLDocument
    from OFS.Image import Image
    from OFS.Image import File

    def PUT_factory( self, name, typ, body ):
        # Gimme a PageTemplate or a PythonScript, but never DTML!
        # Called on a WebDAV/ftp PUT of a new object; returns the empty
        # Zope object that will receive the uploaded body.
        if typ=='text/x-python' or (body and body[0]=='#'):
            # Python content type, or a body whose first character is '#'
            ob = PythonScript( name )
        elif typ.startswith('text'):
            # Every other text/* upload becomes a Page Template
            ob = ZopePageTemplate(name, body, content_type='text/html')
        elif typ.startswith('image/'):
            ob = Image(name, '', body, content_type=typ)
        else:
            # Anything else is stored as a plain File
            ob = File(name, '', body, content_type=typ)
        return ob

    Now, from the ZMI, add an External Method specifying:

    Id: PUT_factory
    Module: put_factory
    Method: PUT_factory

    The modified PUT_factory will have effect at the folder where you put the external method object (and anything below it). You may want to place it in your root folder so that you get the same behaviour wall to wall.

  3. Whilst you're editing source files on the server it is also an opportunity to tweak line 40 of PageTemplate.py in lib\python\Products\PageTemplates so that it becomes:

    expand = 0

    This will cause new .pt files not to expand ZPT macros by default.

  4. Any title property set (via the ZMI) for a Presentation Template gets lost in the "create .tmp file, rename .tmp file, delete .tmp file" dance that Dreamweaver does on every edit operation. One way round this is to store such meta data in tags in the <head> bit of your Presentation Template.

    One fix on the disappearing title might be to set it as a meta tag in the head of your document and then have the PUT_factory find it there (via a regex) and turn it into a regular Zope property. Another fix is to have a tal:replace on title that goes off to a Python Script which then sniffs all sorts of places looking for an appropriate title.

  5. Copy-and-paste via NT Explorer is tricky for .pt files. If you do it outside the influence of the modified PUT_factory, the metatype of your .pt object becomes 'File'. With the modified PUT_factory in effect, WebDrive then handles NT Explorer copy-and-paste properly.

    TeamDrive doesn't handle copy-and-paste correctly even with the modified PUT_factory in effect - the metatype of your original .pt object still becomes 'File'. However, the TeamSource developers are aware of the problem and are working on a fix.

    For reasons I don't fathom copy-and-paste using NT Explorer via WebFolders not only works but also preserves the title property (see Gotcha No. 4).

  6. Get in the habit of working exclusively via either the ZMI or TeamDrive/WebDrive. Or, if you are going to switch between these two modes, make a point of understanding the WebDAV client caching process (and tuning it as required). You can get in a right old mess if you make changes at the Zope end (via ZMI) and don't properly refresh any local caches. I know, I've done it.

  7. Dreamweaver is extension-challenged. Extensionless objects will only open in Code View (and you can't switch to the Design Views).

  8. Think hard (and experiment before trusting your life on it) about the following experience of Max M with Dreamweaver templates and the Local Folder (see Tip No. 3 below) - it could only happen with IIS, right?

    1) If you use templates in Dreamweaver you have one page with the site's layout. When you change that page DW automatically changes all the pages that use that layout.
    So it goes in and opens every page, changes it and saves it again. It does this in Dreamweaver's "local" folder.

    2) Apparently IIS does some kind of locking and caching of files that it has served to browsers. So if you try to open a file that has recently been served by the IIS it behaves oddly. I don't remember the exact behaviour - perhaps you cannot open it or perhaps you cannot save on top of it.

    This behaviour, together with Dreamweaver's templating behaviour, causes you to lose every file recently opened through IIS if your site is directly in the local folder. So I learned the hard way to always have a Remote and a Local Folder in Dreamweaver.
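
For the meta-tag fix suggested in Gotcha No. 4, an added example (not part of the original HowTo or of Zope): a stand-alone Python 3 function that pulls the title out of an uploaded body so that a PUT_factory could set it as a property. It uses the standard library's HTML parser rather than a regex; the meta name "title", the 200-character cap and all function names are assumptions.

```python
import re
from html.parser import HTMLParser

MAX_TITLE_LEN = 200  # assumed cap for a title property

# Constructed sample upload: a page template with the title kept in <head>.
SAMPLE_PT = """<html><head>
  <meta name="title" content="Staff  handbook &amp; forms" />
  <title tal:content="template/title">placeholder</title>
</head><body>
  <meta name="title" content="ignored, not in head">
</body></html>"""


class _HeadTitleFinder(HTMLParser):
    """Remembers the first <meta name="title" content="..."> inside <head>."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.in_head = False
        self.title = None

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "body":
            self.in_head = False
        elif tag == "meta" and self.in_head and self.title is None:
            a = dict(attrs)
            if (a.get("name") or "").lower() == "title" and a.get("content"):
                self.title = a["content"]

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def title_from_upload(body):
    """Return a sanitised title taken from the uploaded body, or None."""
    if isinstance(body, bytes):
        body = body.decode("utf-8", errors="replace")
    finder = _HeadTitleFinder()
    finder.feed(body)
    finder.close()
    if finder.title is None:
        return None
    # Client-supplied text: drop control characters, collapse runs, cap length.
    clean = re.sub(r"[\x00-\x1f\x7f]", " ", finder.title)
    return " ".join(clean.split())[:MAX_TITLE_LEN] or None
```

Because the body arrives from the authoring client, the value is cleaned and length-limited before it is stored; a meta tag outside the head is ignored.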

Tips

To make Dreamweaver work still more sweetly with Zope:

  1. Apply Updater 4.01 (you certainly need this if you want to use the built-in Dreamweaver WebDAV features - but remember this doesn't work with https URLs - which, of course, is the motivation behind this HowTo). The updater doesn't work on the 30-day trial version of Dreamweaver.

  2. Inside your Dreamweaver installation find the file Configuration/Extensions.txt and edit it to include:

    PT,HTM,HTML, ..... :All Documents
    PT:Zope Presentation Templates
    HTM,HTML:HTML Documents

    Note that ":Zope Presentation Templates" or " :Zope Presentation Templates" don't solve the extensionless object problem (see Gotcha No. 7).

  3. The Remote Site view in the Site window is now redundant - the Local Folder view can be set up to show everything on the Remote Site by mapping the Local Root Folder (in Define Sites) to drive Y: (or whatever) provided by WebDrive or TeamDrive.

  4. Dreamweaver may try to create a "_notes" directory on Zope. This is a big no-no for Zope ("_" is a special namespace). It seems benign as the errors are not fatal. However, turning off Maintain Design Notes (via Define Sites > Design Notes > Maintain Design Notes) seems to solve the problem (though Dreamweaver still seems to want to create a _notes directory in the Local Root (w.r.t. Dreamweaver) of your Zope site).

  5. Dreamweaver Templates, not to be confused with Zope's Presentation Templates, can peacefully co-exist with the latter. Just Save As Template into drive Y: (or whatever) and a .dwt file (itself a ZPT!) will be created. You can then do File > New from Template to create a new ZPT (with protected fields, for example).

Useful to know

  1. WebDrive works fine against an ftp server over SSH. Set up an ftp connection but click Advanced, then the Encryption tab, then select SSH as your FTP method. That's it - nothing else - and you've got secure ftp with drag and drop!
  2. Any Web authoring tool that supports ftp can be made to work securely using SSH port forwarding or tunneling (providing the server is also configured to support this). The solution is not as transparent as WebDrive or TeamDrive but may suit your needs. The following describe the approach:

Using applications other than Dreamweaver with this recipe

To be added .....

  • Notepad ;-)
  • FrontPage
  • Word97
  • Word2000
  • WordXP
  • HomeSite
  • GoLive
  • Netscape 4
  • Netscape 6
  • Namo

Acknowledgements

This HowTo draws on help from:

  • Jaroslav Dostal and Max Dunn (TeamStream) - Zserver tuning
  • Chris Withers (NIP) - PUT_factory and title property thoughts
  • Joel Burton - _notes problem and title property thoughts
  • Max M - Dreamweaver Templates + IIS nightmare

Created using Dreamweaver Ultradev V4.01, WebDrive 5.0, Zope Page Templates and ZServerSSL (and then rendered HTML copy-and-pasted to www.zope.org).


Author: [email protected]