several questions about shared libraries and security
Hello! The former I wrote python library. This lib is used to interact with database and defines some hi-level methods. I'm planing to use this lib in scripts, running on the same machine and zope. Now library is located on /usr/local/lib/. Is it possible to use it in zope? And the later i wanted to now how i can create a flexible access rules? There are two procedures needed: authentication and authorization. The first is not difficult to realize with "user folder". But what is the ability to control access rights of users for access to some types of information? I'm thinking it will about 10 users at all. Do I need to use pgUserFolder for this? Thank you,All! ;-)
--On 1. November 2005 12:21:34 +0400 "Denis V. Gudtsov" <denis@aogarant.ru> wrote:
Hello!
The former I wrote python library. This lib is used to interact with database and defines some hi-level methods. I'm planing to use this lib in scripts, running on the same machine and zope. Now library is located on /usr/local/lib/. Is it possible to use it in zope?
The Python module must be *somewhere* in the Python search path for modules (check the Python documentation for details, check for PYTHONPATH). In addition the library referenced through your Python module must be somewhere in the library search path (see /etc/ld.so.conf, man LD_LIBRARY_PATH).
And the later i wanted to now how i can create a flexible access rules? There are two procedures needed: authentication and authorization. The first is not difficult to realize with "user folder". But what is the ability to control access rights of users for access to some types of information? I'm thinking it will about 10 users at all. Do I need to use pgUserFolder for this?
There are a bunch of options: ExUserFolder, PGUserFolder, PAS (Plugabble Authentication Service). -aj
Denis V. Gudtsov wrote at 2005-11-1 12:21 +0400:
... And the later i wanted to now how i can create a flexible access rules? There are two procedures needed: authentication and authorization. The first is not difficult to realize with "user folder". But what is the ability to control access rights of users for access to some types of information?
Did you read about the Zope concepts of "permission", "role" and "permission-role-mapping" (--> Zope Book)? They are used for Zope standard authorization subsystem. You can also implement your own access control (based on any rules you like) in "accessor" scripts with "proxy roles". -- Dieter
participants (3)
-
Andreas Jung -
Denis V. Gudtsov -
Dieter Maurer