How can I give the authority of writing in a certain folder of my Zope to the Anonymous user?
Dear all, I want to Anonymous user could upload files to my Zope. How can't give the Anonymous user the writing authority in a certain folder. You suggestion will be appreciated. Denny
Hi Denny,
I want to Anonymous user could upload files to my Zope. How can't give the Anonymous user the writing authority in a certain folder. You could give the Anonymous user the permission of "Add Documents, Images, and Files" in the "Security" tab, but it would be dangerous because every body could upload files there and your server could be used as a kind of ftp server.
Regards, Josef
Hi Josef, Thank you so much for you help and kind advice! By the way: Is there a way I can set the max-size of a folder? Then it will be more security. Best wishes, Denny 2005-03-23 10:46 +0100��Josef Meile��
Hi Denny,
I want to Anonymous user could upload files to my Zope. How can't give the Anonymous user the writing authority in a certain folder. You could give the Anonymous user the permission of "Add Documents, Images, and Files" in the "Security" tab, but it would be dangerous because every body could upload files there and your server could be used as a kind of ftp server.
Regards, Josef _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Thank you so much for you help and kind advice! By the way: Is there a way I can set the max-size of a folder? Then it will be more security. You may try:
http://www.zope.org/Members/ccube/QuotaAW http://www.zope.org/Members/ivo/QuotaFolder if you are using CMF, then you can use: http://www.zope.org/Members/ccube/CMFFolder I also advice you to limit the file size a user can upload. If I'm not wrong, there was a thread about this this or last month. Some body posted a nice way of getting the size of the uploaded[1] file before storing it on the ZODB. [1]: Off course the file is uploaded in some temporal location in the server (I think so, not sure) with the html form, but then the python logic decides whether or not store it on the ZODB. Ah, I also think a better alternative to the one I give you before, would be to create a role lets say "Uploader", then give it the "Add Documents, Images, and Files" permission and do a script with the proxy role set to "Uploader". I think is more secure since you can control from there the size of the uploaded files. Regards, Josef
Use a multipart form containing a file input type - pick up the content in the action REQUEST object and do with it what you will. You only need to give the processing script a proxy role that includes an Add Documents, Images and Files permission if you want to create a file object. It is probably a bad idea to let Anonymous users upload files for storage for later download! Parsing the file to send back some stats would not require any special permissions. Cliff libsvm wrote:
Dear all,
I want to Anonymous user could upload files to my Zope. How can't give the Anonymous user the writing authority in a certain folder.
You suggestion will be appreciated.
Denny
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
participants (3)
-
Cliff Ford -
Josef Meile -
libsvm