[Zope] Basic public manage access questions
Jason Cunliffe
jasonic@nomadicsltd.com
Thu, 14 Oct 1999 15:11:24 +0200
Hello
Like most here I am very impressed with Zope - concept, community, scope,
potential etc. and am specifying Zope for an upcoming maritime transport
e-commerce project. Users & End-users (are there really ever such a group?)
may be using our 'smart-map' web site from kjhkh-knows-what machine,
fdsf-knows-where.
I am concerned about how to prevent access to management screens when
someone does not fully quit the web browser after a management session.
Either I have missed something so basic about zope permissions, or it has
missed my application.context.
It seems that if I log-on as zope site manager/developer/contentprovider,
and do some priviledged site work, but then walk away from the browser [
even though I have left it on another URL entirely], then the next person
can step up to the machine, click 'back', use 'history', or type in
www.mysite.com:8080/somefolder/manage - and bingo slide back into my shoes
with those powers!
...oops! ouch.. Tell me I am wrong please. If this is true what does anyone
recommend?
Yes, I can give people beautifully written instructions: DO NOT do
'thisXYZABC'- please_Youvebeenwarned' .. but real-world conditions with
people I may never meet, who don't speak English very well, or are using a
Kiosk terminal etc are another matter.
[not to mention speaking simple webese- or intermediate zope/python not too
well]
Is there some nice code {Javascipt/Zope} you can think of to check the fact
once the browser focus has moved onto another page or something, then I am
obliged to re-enter user:password information?
Ditto what can I do when a user of the browser has selected the 'remember
password' item?
Is there a clean way to zope around this?
Thanks and kudos to all your generous work here
- Jason Cunliffe
-------------------------------------------------
Jason Cunliffe <jasonic@nomadicsltd.com>
NOMADICS.STUDIO(Design Director)
Geo-Digital Arts and Technology
Le Vieux Moulin, Route de Mons
83440 SEILLANS, FRANCE
Tel: +33 (0)4 94.76.98.72
Fax: +33 (0)4 94.76.97.77
<jasonic@nomadicsltd.com>