[Zope] Fw: [Zope] Zope and Database user authentication

Stuart 'Zen' Bishop zen@cs.rmit.edu.au
Wed, 13 Oct 1999 15:38:11 +1000 (EST)


On Tue, 12 Oct 1999, Jim Sanford wrote:

> I handled this by creating a username and password in the top level
> acl_users folder. I then wrap every call to retrieve data in a call
> (<dtml-in "Query.UserSettings()"> )to an SQL method that returns permissions
> and other settings for the authenticated user's name. The SQL methods have
> embedded tests for what data can be returned based on the user settings.

You want your security defined in one place though. If the security is
defined at the database backend, then multiple front ends (one of which
can be Zope) can be used securely. I also have ludites to support who 
require command line tools to generate their reports (hmm.... todo.... use a 
'lynx -source' wrapper for future report updates....)

 ___
   //     Zen (alias Stuart Bishop)     Work: zen@cs.rmit.edu.au
  // E N  Senior Systems Alchemist      Play: zen@shangri-la.dropbear.id.au
 //__     Computer Science, RMIT 	 WWW: http://www.cs.rmit.edu.au/~zen