Dylan Reinhardt <Dylan@DylanReinhardt.com> writes:
At 09:29 AM 3/4/2003, Ricardo Anguiano wrote:
1. I want to restrict file access by user.
2. I want to serve objects from zope to accomplish objective #1 above, but I want the objects to be in the filesystem.
You can do that with Zope, but reading between the lines a bit, these sound like static files you're serving.
The files will be updated nightly. The distinction between static files which are updated often and dynamic content has never been clear to me. The files are large so I don't want to stick them into the zope db.
If so, I'd recommend putting Apache in front of Zope and letting Apache handle it with a RewriteRule like:
RewriteRule ^/files/(.*) /home/httpd/mysite/files/$1 [L]
It doesn't get much easier than that. ;-)
True, but this option was rejected because there was no authentication. We could do a .htaccess thing, but we are already using zope and it already does users nicely.
Zope should (IMO) be used primarily for serving dynamic content. It's fantastic at what is does well, but it just doesn't hold a candle to Apache for serving static content... nor should it. They're two very different tasks.
I want to be able to say, "The contents of directory X are available only to user Y."
This isn't a great idea, for the most part. If you're looking for more than trivial security, I wouldn't volunteer information like that.
Hmm. I don't understand. Zope provides lots of control over users, roles and content. Are you saying I should ignore that framework and use something else? Zope's access control, users, passwords and SSL meet our needs. The only other thing I can think to do in this case is to issue SSL client certs to verify the user's identity. Users already access the content via https only and have no local access to the machine.
Cool domain name. :-)
Thanks, I can't take credit for that one. :) [PS: apache+ssl+zope+localfs seems to be doing the job nicely. It took me a few minutes this morning.] -- Ricardo Anguiano http://www.codesourcery.com