Access Permission by Domain and without Login?
For a Zope 2.7/Plone 2 site, I would like to restrict (otherwise) anonymous access to certain specific pages or methods to people making the request from specific domains. I know that I can specify a domain for a particular user, but I want this to apply to anyone, without any special per-user configuration, and without requiring a login. Also I want to do this without putting Zope behind Apache or any other proxy, if this is possible. I don't recall seeing this discussed. Does anyone have suggestions as to how to accomplish this? Cheers, Tom P
Passin, Tom wrote at 2004-6-11 15:08 -0400:
For a Zope 2.7/Plone 2 site, I would like to restrict (otherwise) anonymous access to certain specific pages or methods to people making the request from specific domains. I know that I can specify a domain for a particular user, but I want this to apply to anyone, without any special per-user configuration, and without requiring a login.
Also I want to do this without putting Zope behind Apache or any other proxy, if this is possible.
I don't recall seeing this discussed. Does anyone have suggestions as to how to accomplish this?
It has been discussed -- several times... Zope contains an old feature: users without password but with domain restriction. Zope is ready to perform an automatic login for such users. The feature is now considered arcane and a security risk. It is disabled by default but you can enable it. Looking at the source ("AccessControl.User") or searching the archives will reveal the necessary details. -- Dieter
participants (2)
-
Dieter Maurer -
Passin, Tom