Dylan, thank you very much for help, it works - I'm only not able to "return the contents of F with method M" (simple RESPONSE.redirect doesn't work because then it reads directly the files which it has not privileges to access) - is there some easy way to return file contents using method M? Thanks, Lubos. On Thu, 13 Feb 2003 08:52:32 -0800, Dylan Reinhardt <zope@dylanreinhardt.com> wrote:
Assume you have file F and method M.
Ensure that nobody but a Manager has any privileges for F. This will have the effect of making it unobtainable directly.
Set up M so that it performs whatever security dance is required and returns the contents of F when appropriate. Give M the proxy role of Manager so that it can gain access to F.
If you want to get a little more tricky, create a new role that's used just for this purpose. Give that role permissions on F and run M in that proxy role.
As far as the user or their software is concerned, file F will have M's URL.
HTH,
Dylan
At 07:39 AM 2/13/2003, Lubos Culen wrote:
Hi!
I have simple task to develop in Zope - make secure files available for download, but the user shouldn't see the REAL URL of the files (neither in browser nor in any download manager). Is it possible to do this through Zope? Thanks for answer,
Lubos.
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
-- Regards, Lubos Culen (Mirsoft) INFO: http://www.mirsoft.info ICQ: 658788