Jens Vagelpohl wrote:
Those can be spoofed as well. There's no increased security there.
Hello Jens is the domain filtering in zope going by the client ip in the http header ? i assume you mean the clientip value in the http header can be set to any value without affecting the actual IP it originated from ? if thats the case then domain filtering in zope is not useful in my opinion. please point out fallacies in my reasoning if any :) ty sathya
jens
On Jun 14, 2004, at 10:57 AM, Passin, Tom wrote:
I asked for suggestions on restricting access to otherwise anonymously-accessable pages and methods. It has been pointed out to me off line that that restriction by domain *name* can have security problems. But my terminology was misleading, becaues that is not quite what I had in mind.
I am asking about restriction by specific IP number ranges, like 140.90.*.*, not by domain *name*.
Cheers,
Tom P
For a Zope 2.7/Plone 2 site, I would like to restrict (otherwise) anonymous access to certain specific pages or methods to people making the request from specific domains. I know that I can specify a domain for a particular user, but I want this to apply to anyone, without any special per-user configuration, and without requiring a login.
Also I want to do this without putting Zope behind Apache or any other proxy, if this is possible.
I don't recall seeing this discussed. Does anyone have suggestions as to how to accomplish this?
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )