[Sinclair]

Example : a document has url : $ZOPE/.../document_manager/document_37.

I wish the displayed url looks like : $ZOPE/.../document_manager?document=k2316fge54dsgb51v3vsdv4

That is the document_manager who translates an unreadable parameter to document real url.

What I want to avoid is somebody trying to access manually to document_38, document_39, etc., just to add more security...

If I wanted to look at the document, I would just copy and paste that document number. Do you really mean that you do not want people to be able to __guess__ other neraby URLs? Why would you not want that? If you think that an unauthorized person should not be able to view a given page, you need to apply some authorization machinary. An obfuscated URL is not really enough. If that is not what you mean, then presumably you are willing to allow any user to access those pages. Why, then, would you want to make it harder for them to do so? If you want the pages to appear only within their intended frame, a user with the right browser can easily defeat that intention unless you enforce it using javascript in the page. Please explain further why you wish to restrict access to those pages, then maybe you will get more useful suggestions. Cheers, Tom P