[Zope-CMF] Eliminating the /Members directory?

David Elfstrom elfstrom@sten.sunnybrook.utoronto.ca
Mon, 19 Aug 2002 14:20:00 -0400


--=======13434915=======
Content-Type: text/plain; x-avg-checked=avg-ok-2EE650C5; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 8bit

Thanks, Andy!  It's never too late :-)

>*** This is what I describe as 'security through obscurity'. But then, I
>don't think my members are out to hack my site!!!. I actually feel it's an
>area which Zope lacks. If you have access to a folder, then you have access
>to everything below it. There are no rules for "You can only access what you
>made".

An alternative would be to use a database table to store the news item, 
along with the member's name. Then you could let only the member edit it. 
But that would take us away from the whole zen of Zope!

David


---
  David Elfstrom, P.Eng   elfstrom@sten.sunnybrook.utoronto.ca
  Systems Engineer, Research Computing
  Sunnybrook & Women's College Health Sciences Centre
  Rm#S6-20, 2075 Bayview Avenue, Toronto, Canada  M4N 3M5
  phone: 416-480-6100 x3416    fax: 416-480-5714

--=======13434915=======
Content-Type: text/plain; charset=us-ascii; x-avg=cert; x-avg-checked=avg-ok-2EE650C5
Content-Disposition: inline


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.381 / Virus Database: 214 - Release Date: 8/2/2002

--=======13434915=======--