On Wed, 2003-05-28 at 04:39, Paul Winkler wrote:
On Wed, May 28, 2003 at 08:23:53AM -0700, Dylan Reinhardt wrote:
And using an external browser means oops, typo... s/browser/server/ you lose so many nice things like zope's security management.
Though SSH won't use the Zope security model (that I know of), key-based authentication isn't that onerous to manage and/or deploy.
I meant for managing access to the downloadable resources.
Ah... the subject line threw me off a bit. :-)
If some content is in zope and some is available via apache, and some of the apache content needs to be restricted to some users, it's a lot of extra work to make this transparent to your end users.
Yeah, that's a tough one.
I don't really know how I'd deal with that.
I punted when I came across this problem in one of my apps... just ended up serving all private/restricted content from the ZMI. Not very elegant, but my requirements weren't large enough scale to attempt anything more complex. I've been toying with Twisted a bit lately and wonder if it might be used to create a helper app for Zope that functions as a separate web server that can exchange/lookup some kind of authentication token with Zope. Large files could then be served on a separate port and restricted to those with a cookie and/or URL munge approved by Zope. This hasn't gotten anywhere near my radar screen... but it seems like something that I might attempt if/when this need crops up next time. Dylan