[Zope-dev] acl_users
Bill Anderson
bill@noreboots.com
Wed, 20 Sep 2000 21:24:57 -0600
"Phillip J. Eby" wrote:
>
> At 07:55 PM 9/20/00 -0600, Bill Anderson wrote:
> >
> >Potentially silly question:
> >
> >Any reason why a 'user folder' object has to be named 'acl_users'.
> >
>
> Interesting. A quick search of the Zope source turns up only 9 references
> to 'acl_users', found in only 4 source files.
<dtml-snip brevity>
> Personally, I think it's an intriguing idea, as I have had more than one
> application where I would rather have called a LoginManager by some name
> other than 'acl_users'. But I'm not sure it would be worth the work.
One of the ideas I am kicking around is that of
CommunityMembershipSystem.
In Membership-CMS, a user folder owuld need to be made, to house the
user's objects. Now, there are a few ways of doing this...here are two:
1) Have the install method add a folder to do this with
2) Have the objects stored in the user object.
Both have their ups and downs.
For example, (2) would not deperate UID from URL's too cleanly; though
it would be easier to implement in short order. Meanwhile, (1) requires
the install method be given more information (where to put the folder?),
and could be trickier to debug.
In (2), the url to the member's folder would be "/Members/username"
instead of /acl_users/username", provided the userfolder could be named
something else. I don't see a reason off hand for a UserFolder to be
renamable.
Another reason I have considered it, is that it lends a _weak_ amount of
security-through-obscurity. For example, if you see the following in a
URL ".../acl_users/loginForm", you know that the site is running Zope,
and where the authorization takes place. I dunno if I like it being
_that_ obvious.
--
E PLURIBUS LINUX