Using the UserDB product to authenticate is it possible to make a folder only viewable from a special domain? I have problems because this should work for the default anonymous user, which is not registered in the UserDB.

TIA,
__Janko
At 13:35 09/11/99 , Janko Hauser wrote:
Using the UserDB product to authenticate is it possible to make a folder only viewable from a special domain? I have problems because this should work for the default anonymous user, which is not registered in the UserDB.
Just create a user with no password, and the Domains field set to the domain you wish to allow entry. If any authentication is required, and the visitor's domain fits in the Domains pattern, no password box will be shown.

Of course, you'll have to create a new role, let's call it 'DomainVisitor', and give that role the permissions Anonymous normally has.

--
Martijn Pieters, Web Developer
| Antraciet http://www.antraciet.nl
| Tel: +31-35-7502100 Fax: +31-35-7502111
| mailto:mj@antraciet.nl http://www.antraciet.nl/~mj
| PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149
On Tue, 9 Nov 1999, Janko Hauser wrote:
Using the UserDB product to authenticate is it possible to make a folder only viewable from a special domain? I have problems because this should work for the default anonymous user, which is not registered in the UserDB.
It will be possible using the GenericUserFolder product which is currently available as an Alpha version and will be released for a (hopefully short) beta in the next day or two (cookies are working securely and even work simultaneously with remote_user authentication mode). It can easily pull users from a database and provides more flexibility than UserDB.

With GenericUserFolder, you will be able to programmatically determine which Roles are assigned to a user depending on REMOTE_HOST or REMOTE_ADDR by writing a DTML Method, External Method, ZSQL Method - whatever.

Note that this could cause confusion however - a product is allowed to look up the roles assigned to another user (eg. to populate a list with the users with a given permission on an object). You would need to check that AUTHENTICATED_USER == 'the username you are retrieving roles for' and if so, determine the roles dependent on the domain. Otherwise, you would have to return some sort of default role.

I could see this would be useful for me to document, as it would allow nice security concepts such as 'I can only log in as manager from this network'. Can anyone comment on the reliability and spoofability of REQUEST.REMOTE_ADDR in Zope?

--
Zen (alias Stuart Bishop), Senior Systems Alchemist, Computer Science, RMIT
Work: zen@cs.rmit.edu.au
Play: zen@shangri-la.dropbear.id.au
WWW: http://www.cs.rmit.edu.au/~zen
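The role lookup described in the message above, sketched as an added example that is not part of the thread and is not GenericUserFolder's own API: roles are narrowed by client address only when the lookup is for the requesting user, and anything else falls back to a default role. The function name, the user and role tables and the networks are hypothetical, constructed values.

```python
import ipaddress

# Constructed sample data (hypothetical users, roles and documentation-range networks).
USER_ROLES = {"admin": ["Manager", "Member"], "visitor": ["DomainVisitor"]}
# Roles listed here are only granted when the client address is in one of the networks.
ROLE_NETWORKS = {
    "Manager": [ipaddress.ip_network("198.51.100.0/25")],
    "DomainVisitor": [ipaddress.ip_network("192.0.2.0/24")],
}
DEFAULT_ROLES = ["Anonymous"]


def roles_for(username, authenticated_user, remote_addr):
    """Return the roles `username` holds for the current request.

    Hypothetical hook: `authenticated_user` and `remote_addr` stand in for
    AUTHENTICATED_USER and REMOTE_ADDR taken from the request.
    """
    # Another product may be listing roles for a different user; the address
    # of the current request says nothing about that user, so use the default.
    if username != authenticated_user:
        return list(DEFAULT_ROLES)

    # An address that cannot be parsed never unlocks anything (fail closed).
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return list(DEFAULT_ROLES)

    granted = []
    for role in USER_ROLES.get(username, []):
        networks = ROLE_NETWORKS.get(role)
        # Unrestricted roles pass; restricted roles need a matching network.
        if networks is None or any(addr in net for net in networks):
            granted.append(role)
    return granted or list(DEFAULT_ROLES)


if __name__ == "__main__":
    print(roles_for("admin", "admin", "198.51.100.10"))   # inside the manager network
    print(roles_for("admin", "admin", "203.0.113.5"))     # outside it
    print(roles_for("admin", "visitor", "198.51.100.10")) # lookup for another user
```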
participants (3): Janko Hauser, Martijn Pieters, Stuart 'Zen' Bishop