My site has several hundred registered users, and potentially it could have many thousand. Is it practical and manageable to handle access control programmatically (assuming user info - usernames, passwords, etc.) are stored in a Postgres db)?
I'm not sure what you mean. (Possibly a Java/Zope concept mismatch here.) If you mean "is it reasonable to authenticate a few thousand users against a Postgres database from Zope?" the answer is 'yes'. That many users is peanuts, but even if you chose a really big number, there's no serious problem I've run against. How? Take a look at SimpleUserFolder or XUF: http://www.zope.org/Members/TheJester/exUserFolder http://www.zope.org/Members/NIP/SimpleUserFolder Both should be fine authenticating against a database.
Is there a database pooling mechanism for Zope+PostgreSQL?
You'll have to check the requisite database adapters. Psycopg at least does aggressive connection pooling, and I'll bet any similarly developed DA will too. http://www.zope.org/Members/fog/psycopg http://www.zope.org/Members/tm/ZPoPyDA/ http://www.zope.org/Members/reedstrm/ZPyGreSQLDA-rjr
Does anyone have any comments about Zope performance as compared to Tomcat/Java? Any caveats?
For display of simple pages, a servlet/JSP engine will generally beat Zope, since such pages are generally static to Java, but not to Zope. I haven't yet benchmarked some more complex circumstances. My guess is that Zope will be better at more complex tasks, but it's just a guess until I get around to some better test cases. http://zopeedge.com/benchmarks --jcc