[Security] How to encrypt a Zope oid ?
Hi folks, I want to mask the real the id that appears in the browser url display. Is there any way to encode/decode the url in the Zope side ? Thanks for advance.
What is the sense to encode the URL? -aj --On Samstag, 13. September 2003 17:44 Uhr +0200 Sinclair <fred.duwez@freesurf.fr> wrote:
Hi folks,
I want to mask the real the id that appears in the browser url display.
Is there any way to encode/decode the url in the Zope side ?
Thanks for advance.
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
What is the sense to encode the URL?
Maybe it's not an english word ? (Sorry, I'm french...:)) I just want to mask the real URL for the final user. I think that's a common feature. I have imagined to make an encryption (is that the right word ?) of the object ID before sending it to the browser.
Sinclair wrote at 2003-9-13 18:39 +0200:
What is the sense to encode the URL?
Maybe it's not an english word ? (Sorry, I'm french...:))
I just want to mask the real URL for the final user. I think that's a common feature.
It's not a question of English or French... The final user's browser needs to understand the final URL, doesn't it? That limits your ability to conceal or encrypt the URL... Dieter
It's not a question of English or French...
The final user's browser needs to understand the final URL, doesn't it? That limits your ability to conceal or encrypt the URL...
OK, but with Zope, you can build a application controller who call decode parameters and call the real zope object. Or a simple page page controller who encrypt his parameters : Example : a document has url : $ZOPE/.../document_manager/document_37. I wish the displayed url looks like : $ZOPE/.../document_manager?document=k2316fge54dsgb51v3vsdv4 That is the document_manager who translates an unreadable parameter to document real url. What I want to avoid is somebody trying to access manually to document_38, document_39, etc., just to add more security... Sinclair
Sinclair wrote:
Example : a document has url : $ZOPE/.../document_manager/document_37.
I wish the displayed url looks like : $ZOPE/.../document_manager?document=k2316fge54dsgb51v3vsdv4
Why on EARTH would you want to do that? If you're concerned abotu security, look at the Zope Security model and consider putting Apache with mod_ssl in front of Zope. cheers, Chris
On Monday 15 September 2003 02:24 am, Sinclair wrote:
OK, but with Zope, you can build a application controller who call decode parameters and call the real zope object. Or a simple page page controller who encrypt his parameters :
Example : a document has url : $ZOPE/.../document_manager/document_37.
I wish the displayed url looks like : $ZOPE/.../document_manager?document=k2316fge54dsgb51v3vsdv4
That is the document_manager who translates an unreadable parameter to document real url.
Then, first of all, you should ensure that no one *can* directly access "document_37" by restricting viewing to say, management roles only. Then, "document_manager" is a python script that uses a proxy role (i.e. *it* has the permission required to view document_37). This python script decodes the given URL to decide what to return and returns that. The encoding scheme is unspecified, of course. I'm woefully ignorant of cryptography, but it seems to me that this is the sort of thing that GPG can do (i.e. create a reversible encoding of a string). But there may be a simpler solution to that. Frankly, though, I can't see that this is buying you much security in real life. If the password protection on "document_37" is good enough to be useful, then you should be able to rely on it (and avoid proxy roles). If it's not good enough, then merely obfuscating the location like this seems a bit inadequate. Without the correct password, on a properly configured Zope server, I'm pretty sure that the user will get the exact same error message if they can't access document_37 -- no matter whether it is because it doesn't exist or because they don't have permission to view it. Cheers, Terry -- Terry Hancock ( hancock at anansispaceworks.com ) Anansi Spaceworks http://www.anansispaceworks.com
It's not a question of English or French...
The final user's browser needs to understand the final URL, doesn't it? That limits your ability to conceal or encrypt the URL...
OK, but with Zope, you can build a application controller who call decode parameters and call the real zope object. Or a simple page page controller who encrypt his parameters :
Example : a document has url : $ZOPE/.../document_manager/document_37.
I wish the displayed url looks like : $ZOPE/.../document_manager?document=k2316fge54dsgb51v3vsdv4
That is the document_manager who translates an unreadable parameter to document real url.
What I want to avoid is somebody trying to access manually to document_38, document_39, etc., just to add more security...
Okay, that makes some sense. But seems to me that the most reasonable answer is to not provide the objects with sequential names in the first place. Since no one will see them like that, who cares? But: presuming that you need the real objects named exactly like that for some reason, there are several approaches you could take: give everything you want accessed a property that is arbitary. Write a simple Python script to fetch the object (document_manager) with the property matching the number provided by the URL (document). An optimization of this is to store a single dictionary with fake_name:real_name scheme. The generation of the fake_names could be manual or automatic, depending on scale and need. provide a folder not publically accessible and in your public folder, create objects that point to the real ones, but give them arbitary names. You could use PortableHole, Python scripts (return private.doc1), or any number of products you might find on Zope.org. The good thing here is that everything still works like Zope objects (you can use objectItems instead of having to get the list out of a dictionary.) I'm sure there are other clever methods to do this. --jcc -- "My point and period will be throughly wrought, Or well or ill, as this day's battle's fought."
Hi Sinclair, Sinclair wrote:
What is the sense to encode the URL?
Maybe it's not an english word ? (Sorry, I'm french...:))
I just want to mask the real URL for the final user. I think that's a common feature.
I have imagined to make an encryption (is that the right word ?) of the object ID before sending it to the browser.
You must have a funny understanding about the web ;) Nobody sends a doc id to the browser. All whats sent are documents with Links in it which actually point to URLs. The calculation is entirely done in the browser and it them comes up with the request which the server might answer. The server uses the URL to find the desired object to publish. Since this is at least some kind of code, what else do you need to obfuscate and why do you need it? Regards Tino
participants (7)
-
Andreas Jung -
Chris Withers -
Dieter Maurer -
J Cameron Cooper -
Sinclair -
Terry Hancock -
Tino Wildenhain