Within the ExternalMethod you could check the ACTUAL_URL variable (in REQUEST) and if the name of the external method is found you could redirect the user to a "you're a baaad user" page. Jonathan ----- Original Message ----- From: "Pedro LaWrench" <pedrolawrench@yahoo.com> To: <zope@zope.org> Sent: Tuesday, April 28, 2009 11:04 AM Subject: [Zope] how to prevent URL access to an external method? I need to do something on the filesystem, which requires unrestricted python, so I created an external method. The problem is that anyone can call that directly via URL, so I added a permission check. Even then, users with the sufficient permissions can call this via URL, which I don't want them to do. I only want them to have access indirectly from other pages (such as a page template that will pass sane parameters). Is there anyway to do this? Thanks, PL _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) -------------------------------------------------------------------------------- No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.0.238 / Virus Database: 270.12.6/2084 - Release Date: 04/28/09 06:15:00