[Zope] - Authenication problems when on webhost?

Phillip J. Eby pje@telecommunity.com
Tue, 08 Dec 1998 15:16:29 -0500


At 01:54 PM 12/8/98 -0600, Jimmie Houchin wrote:
>I haven't installed Zope yet. I have been reading the documentation and
>posts here. There have been a couple of post by Michael Grinder which have
>not been answered and concern me. Maybe they have not been answered because
>there isn't a good solution. If that is the case I prefer to know.
>
>For those of us who have to use a webhosting service we are at the mercy of
>what  they (the webhost) will permit and what is required configuration
>wise by Zope.
>
>Are there any options for configuring for Authorization that can be done by
>those of us who use a webhosting service?
>

There are several ISP's whose servers support HTTP_AUTHORIZATION, including
Hiway, RapidSite, and a number of regional telcos who outsource their
hosting through Hiway/RapidSite.  Hiway and RapidSite run an Apache variant
known as "RapidSite/Apa-1.2" which was patched to pass through the
HTTP_AUTHORIZATION environment variable to CGI scripts.  In their CGI
environments, all scripts run as the Unix user ID of the customer, so there
are no security issues with making HTTP_AUTHORIZATION available.  This
means that ZOPE should run virtually out of the box on a Hiway or RapidSite
host.  A couple of points to mention, though...  Hiway does not allow you
to run your own servers, so ZopeHTTPServer is absolutely out.  Since Hiway
servers are also periodically rebooted for various kinds of maintenance,
you cannot rely on such a process staying up indefinitely anyway.  This
also means you need to be sure if you're using an LRP that it can
auto-start from the web.

I know all this stuff because I work for Hiway/RapidSite and have
implemented ZPublisher-based internal applications there.  I've switched
away from using my work e-mail address on the list, however, because I
don't want anything I say to be misconstrued as official statements on the
part of the company.