[Fwd: [Zope-dev] How to access the internals of Zope ?]
Hi, Zopesters I forward my old question to Zope list, as there was no reaction in Zope-dev:
Hannu-- Have you taken a look at the .dtml files in lib/python/App, such as manage.dtml? Here's where you can enforce some new policies. --Paul Hannu Krosing wrote:
Hi, Zopesters
I forward my old question to Zope list, as there was no reaction in Zope-dev:
------------------------------------------------------------------------
Subject: [Zope-dev] How to access the internals of Zope ? Date: Thu, 29 Apr 1999 01:36:15 +0300 From: Hannu Krosing <hannu@trust.ee> Organization: Trust-O-Matic OÜ To: zope-dev@zope.org
How can I access (modify) the DTML for /manage frameset and possibly other management frames ?
I want to make the management screens available through HTTPS only (to protect the innocent from revealing their passwords to sniffers), and I quess it would be trivial by adding something like
<!--#unless HTTPS--><!--#raise "Not Found"--><!--#unless-->
in a few places, but I have'nt been able to find the right places yet.
Is it possible using the management interface, or do I have to access the BoboBase directly?
Or would it be better to hack the UserDB and add a special flag to users who may authenticate through HTTPS only ?
---------------- Hannu
_______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://www.zope.org/mailman/listinfo/zope-dev
(For non-developer, user-level issues, use the companion list, zope@zope.org, http://www.zope.org/mailman/listinfo/zope )
Paul Everitt wrote:
Hannu--
Have you taken a look at the .dtml files in lib/python/App, such as manage.dtml? Here's where you can enforce some new policies.
--Paul
Thanks, I'll look there. I was under impression that the whole UI comes from the ZopeDB and so did not even try to find the pages in their own files. I did try to access them as /Z/manage/manage but with no success. --------------- Hannu
Hannu Krosing wrote:
(snip)
I want to make the management screens available through HTTPS only (to protect the innocent from revealing their passwords to sniffers), and I quess it would be trivial by adding something like
<!--#unless HTTPS--><!--#raise "Not Found"--><!--#unless-->
in a few places, but I have'nt been able to find the right places yet.
Is it possible using the management interface, or do I have to access the BoboBase directly?
Or would it be better to hack the UserDB and add a special flag to users who may authenticate through HTTPS only ?
IMO, this is the right way to solve this problem. Jim -- Jim Fulton mailto:jim@digicool.com Python Powered! Technical Director (888) 344-4332 http://www.python.org Digital Creations http://www.digicool.com http://www.zope.org Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email address may not be added to any commercial mail list with out my permission. Violation of my privacy with advertising or SPAM will result in a suit for a MINIMUM of $500 damages/incident, $1500 for repeats.
participants (3)
-
Hannu Krosing -
Jim Fulton -
Paul Everitt