Metadata in zope / binary data on FS, was Re: [ZODB-Dev] __del__ with Persistent objects

Paul Winkler pw_lists at slinkp.com
Fri Jul 18 14:24:32 EDT 2003


On Sat, Jul 19, 2003 at 02:30:15AM +1000, Stuart Bishop wrote:
> >1) is there any existing zope product that does this job? metadata in
> >zope, binary files on disk served by apache or whatever?
> 
> If there isn't, I'm happy to post my code as a starting point (it is
> currently application specific, but it would be hardly any work to make
> it more generic).

That would be interesting, yes!

> >2) has anybody used APE on a production site to handle filesystem
> 
> But this may be a better starting point...
> 
> >The biggest problem I see: security.
(snip)
> I think the trick would be to redirect (if the user is allowed access)
> to a random path (generated with a symlink at the same time as the
> redirect is issued), which would then be cleaned up perhaps half an
> hour later via cron.

Hm. That doesn't really make it impossible for an unauthorized person
to get a file, just very very unlikely depending on how good your 
path-generation algorithm is :-)  

I doubt our security people would approve that scheme.
Some of the stuff we serve is medical data which comes with some
heavy legal requirements wrt. security.

> I like the idea of the .htaccess file (although I'm stuck with
> cookie auth, and I don't know if Apache could be abused to allow access
> based on the Zope2 session id or an auth cookie).

I seem to recall reading something about realm-based cookie auth
but I don't remember where.

-- 

Paul Winkler
http://www.slinkp.com
Look! Up in the sky! It's COSMIC FJUK OMEGA!
(random hero from isometric.spaceninja.com)
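
The random-symlink scheme discussed in this message, sketched as an added example that is not code from either poster. The function names, directory layout and 128-bit token size are assumptions, and a POSIX filesystem is assumed. It shows that the path's unguessability rests entirely on the token source (here the OS CSPRNG via `secrets`), and that the link remains a bearer URL until the cleanup job removes it.

```python
import os
import secrets
import tempfile
import time

TOKEN_BYTES = 16            # assumption: 128 bits of CSPRNG output per link
MAX_AGE_SECONDS = 30 * 60   # "perhaps half an hour later", as in the thread


def issue_link(real_file, public_dir):
    """Symlink real_file under an unguessable name; call only after authorisation."""
    token = secrets.token_urlsafe(TOKEN_BYTES)    # OS CSPRNG, not random.random()
    name = token + os.path.splitext(real_file)[1]
    os.symlink(os.path.abspath(real_file), os.path.join(public_dir, name))
    return name  # the application redirects the client to <public URL>/<name>


def cleanup(public_dir, now=None, max_age=MAX_AGE_SECONDS):
    """The cron job: remove expired symlinks and return their names."""
    now = time.time() if now is None else now
    removed = []
    for entry in list(os.scandir(public_dir)):
        if not entry.is_symlink():
            continue                              # never touch real files
        created = entry.stat(follow_symlinks=False).st_mtime  # the link's own mtime
        if now - created > max_age:
            os.unlink(entry.path)
            removed.append(entry.name)
    return sorted(removed)


def demo():
    """Constructed run: issue two links, then expire them with a fake clock."""
    with tempfile.TemporaryDirectory() as root:
        private = os.path.join(root, "private")
        public = os.path.join(root, "public")
        os.mkdir(private)
        os.mkdir(public)
        src = os.path.join(private, "scan.pdf")   # constructed sample file
        with open(src, "wb") as fh:
            fh.write(b"constructed sample data")
        a, b = issue_link(src, public), issue_link(src, public)
        early = cleanup(public, now=time.time() + 60)
        late = cleanup(public, now=time.time() + MAX_AGE_SECONDS + 60)
        return a, b, early, late
```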


