On Monday 15 September 2003 02:24 am, Sinclair wrote:
OK, but with Zope, you can build a application controller who call decode parameters and call the real zope object. Or a simple page page controller who encrypt his parameters :
Example : a document has url : $ZOPE/.../document_manager/document_37.
I wish the displayed url looks like : $ZOPE/.../document_manager?document=k2316fge54dsgb51v3vsdv4
That is the document_manager who translates an unreadable parameter to document real url.
Then, first of all, you should ensure that no one *can* directly access "document_37" by restricting viewing to say, management roles only. Then, "document_manager" is a python script that uses a proxy role (i.e. *it* has the permission required to view document_37). This python script decodes the given URL to decide what to return and returns that. The encoding scheme is unspecified, of course. I'm woefully ignorant of cryptography, but it seems to me that this is the sort of thing that GPG can do (i.e. create a reversible encoding of a string). But there may be a simpler solution to that. Frankly, though, I can't see that this is buying you much security in real life. If the password protection on "document_37" is good enough to be useful, then you should be able to rely on it (and avoid proxy roles). If it's not good enough, then merely obfuscating the location like this seems a bit inadequate. Without the correct password, on a properly configured Zope server, I'm pretty sure that the user will get the exact same error message if they can't access document_37 -- no matter whether it is because it doesn't exist or because they don't have permission to view it. Cheers, Terry -- Terry Hancock ( hancock at anansispaceworks.com ) Anansi Spaceworks http://www.anansispaceworks.com