[Zope] Basic public manage access questions
Jason Cunliffe
jasonic@nomadicsltd.com
Fri, 15 Oct 1999 15:45:08 +0200
Hello
Thanks for the answer, but I am afraid I still need some more help here..
At 15:46 14/10/99 +0200, Martijn Pieters answered my questions, and wrote:
>You could switch to cookie based authentication. UserDB, a User Folder that
>authenticates against a backend RDBMS, supports cookies, and so does the
>User Folder that is used at zope.org. Cookies you can expire, and that
>browser with the 'remember password' can be told to forget about a certain
>HTML password input box (which it normally could aslo remember for you).
1. I confess cookies are now a major <neglected> topic on my learning
curve_horizon, thanks to the above advice. But please where can I see any
examples (for example) of how zope.org does it. Or anyone else... Are you
all zipping along with nice cookie user logon strategies, or do you all
quit and restart.. what's the story here?
2. It really seems to me what I am asking should be one of the default
[non-advanced] developer modes for Zope. When you demo to clients or
prospective clients, IMHO it is _really_ important not to have 'quit'
application[browsers especially], wait re-load, explain (like they
care!)etc... But, it's not just the demo, it's really the ongoing use of
the thing; where one has effectively no control over how people will use
their browsers.
3. Specifically when you say RBMDS backend - does this include the
integrated Zope database - or am going to have to kludge-on an external
solution?
4. OK hopefully I'll come back in a few days much smarter about
zope.cookies and having found a lovely way around this. But what do you
think about a basic default means to switch quickly between:
a.> developer_manager-savvy behavior (current)
and
b.> demo_client_real-world behavior where a timeout or change of focus
immediately requires login?
All done using default Zope features as available through the V2.x
download. Am I describing a Zope product here which is still too trivial
and/or low on people priorities? Or is this simply some clever DTML/python
available now?
5. In general I am no doubt among many who are champing at the
documentation bit. It's great to see what speed docs _are_being developed.
I know what I want, and to hand out to others, is lovely handy edition of
'Zope In A Nutshell'. [$15-$25, O'Reilly]. To sit on the shelf next to :
Python, Learning Python, and Python Win32(Dec'99). and of course a slender
sister companion 'Zope - pocket reference'
...
"O'Reilly's 'Zope in a Nutshell' [ZIAN] has that blessed combination of
long lucid intro-overview chapters, copious clear tables, rich appendices,
and many many short examples embedded throughout the text, and some design
overview techniques drawn from real-world case studies"
Till then I comb through, print-out and read everything I can get my hands
on. but it It is embedding of small but crucial examples which really makes
the difference. IMHO, this is what the 'The Zope Quick Reference Document'
needs to make it truly useful. And yes I know how much work it is, and like
someone else suggested, I too would be willing to pay towards helping
getting it done.
Thanks for shining any more light
- Jason Cunliffe
[snip]
[My question was:]
[snip]
>>I am concerned about how to prevent access to management screens when
>>someone does not fully quit the web browser after a management session.
>>Either I have missed something so basic about zope permissions, or it has
>>missed my application.context.
>>
>>It seems that if I log-on as zope site manager/developer/contentprovider,
>>and do some priviledged site work, but then walk away from the browser [
>>even though I have left it on another URL entirely], then the next person
>>can step up to the machine, click 'back', use 'history', or type in
>>www.mysite.com:8080/somefolder/manage - and bingo slide back into my shoes
>>with those powers!
>>
>>...oops! ouch.. Tell me I am wrong please. If this is true what does anyone
>>recommend?
[snip]
>>Is there some nice code {Javascipt/Zope} you can think of to check the fact
>>once the browser focus has moved onto another page or something, then I am
>>obliged to re-enter user:password information?
>>
>>Ditto what can I do when a user of the browser has selected the 'remember
>>password' item?
>>Is there a clean way to zope around this?
-------------------------------------------------
Jason Cunliffe <jasonic@nomadicsltd.com>
NOMADICS.STUDIO(Design Director)
Geo-Digital Arts and Technology
Le Vieux Moulin, Route de Mons
83440 SEILLANS, FRANCE
Tel: +33 (0)4 94.76.98.72
Fax: +33 (0)4 94.76.97.77
<jasonic@nomadicsltd.com>