On Fri, 25 Feb 2000, Hannu Krosing wrote:
Michel Pelletier wrote:
Zope does not differentiate between management methods and, say, DTML methods that are public (other than authenticating them against Zope's security system, of course). They are all just objects in an object space.
Putting the management interface on a different port has the added benefit that the browser automatically sends different authentication for the management interface and 'user' pages.
And it has the disadvantage, IMO, that Zope not only does not make a distinction between management and non-management methods, it also does not make a distinction between managers and non-managers. Or, rather, management is distributed, subtree-specific, and finely tailorable. The only distinction it would be easy to make is between methods that start with "manage" and ones that don't, *in the URL*. But there are other ways to access management methods, under control of Zope's security mechanisms. Your security model gets a little muddy and ambiguous in that event, it seems to me.

Personally, I don't think trying to shoehorn a split management/access interface on top of Zope's fine-grained security model is a good idea. The nice thing about Open Source, though, is that if you want to take a hack at it, you can <grin>.

--RDM