Re: [Zope] VirtualHostMonster: access to all content in instance
Hey Andrew, thanks for your fast reply. On 04/07/2008 Andrew Milton wrote:
| Is this a known issue? I consider that as a quite serious bug, as both | project1 and project3 might be private and should not be published over | the globally available apache rewriterule.
Welcome to Acquisition 101.
This is known behaviour, and in fact for most of us *wanted* behaviour. You will have to restructure your Zope to avoid this, or set appropriate permissions and acl_users to avoid cross-contamination of the sites.
Oh, too bad ... How to deal with that '*wanted* behaviour' if I do have several public projects on the same zope instance but don't want all of them being accessible through the domain of every other project? For example two competing projects/organisations might be hosted on one and the same zope instance, and for sure project 'red' would hate it to make project 'green' available through their domain via http://www.red.org/green. greetings, jonas
+-------[ Jonas Meurer ]---------------------- | Hey Andrew, | | thanks for your fast reply. | | On 04/07/2008 Andrew Milton wrote: | > | Is this a known issue? I consider that as a quite serious bug, as both | > | project1 and project3 might be private and should not be published over | > | the globally available apache rewriterule. | > | > Welcome to Acquisition 101. | > | > This is known behaviour, and in fact for most of us *wanted* behaviour. | > You will have to restructure your Zope to avoid this, or set appropriate | > permissions and acl_users to avoid cross-contamination of the sites. | | Oh, too bad ... | | How to deal with that '*wanted* behaviour' if I do have several public | projects on the same zope instance but don't want all of them being | accessible through the domain of every other project? For example two | competing projects/organisations might be hosted on one and the same | zope instance, and for sure project 'red' would hate it to make project | 'green' available through their domain via http://www.red.org/green. You setup your folders with an acl_users (I assume they actually do have one). /projects/red/acl_users /projects/green/acl_users Set up "Green" role on green Set up "Red" role on red Uncheck 'Acquire' from the permissions. Remove Red permissions on green Remove Green permissions on red Make sure each user in the relevant project folder has the right role too. Then red.org/green would go /projects/red/green/ Assuming your username/password pair doesn't exist in both acl_users the red will authenticate you and give you the 'red' role which won't allow you to view the green folder. -- Andrew Milton akm@theinternet.com.au
On 04/07/2008 Andrew Milton wrote:
| How to deal with that '*wanted* behaviour' if I do have several public | projects on the same zope instance but don't want all of them being | accessible through the domain of every other project? For example two | competing projects/organisations might be hosted on one and the same | zope instance, and for sure project 'red' would hate it to make project | 'green' available through their domain via http://www.red.org/green.
Set up "Green" role on green Set up "Red" role on red
Uncheck 'Acquire' from the permissions.
Remove Red permissions on green Remove Green permissions on red
Make sure each user in the relevant project folder has the right role too.
Then red.org/green would go
/projects/red/green/
Assuming your username/password pair doesn't exist in both acl_users the red will authenticate you and give you the 'red' role which won't allow you to view the green folder.
But what if both project red and green want to make their website available to anonymous, not only to authenticated users? If you have private projects which do require user login, your solution may be sound, but for public projects, it definitelly is no solution. Or would you suggest to submit username/password for a default user within the apache rewriterule? (if that's possible at all) Would it work to add a VirtualHostMonster for every single project and use that one instead of a global one in the rootdirectory of the instance? I know that the docs for VirtualHostMonster say that you only need one, but does it have any disadvantages to use more (for each project an own) if it is a solution to my problem at all? thanks for your fast reply again :-) greetings, jonas
On Fri, Jul 4, 2008 at 3:56 PM, Jonas Meurer <jonas@freesources.org> wrote:
But what if both project red and green want to make their website available to anonymous, not only to authenticated users? If you have private projects which do require user login, your solution may be sound, but for public projects, it definitelly is no solution.
These days, with hardware cheap, it's best practice to host only one site per zope instance. You'll find it much easier to maintain the software stack for each site this way as well, as you can give each site dedicated software versions. -- Martijn Pieters
participants (3)
-
Andrew Milton -
Jonas Meurer -
Martijn Pieters