[Zope] Security and containment (was Re: [Zope] Acquisition? Did I just lose my Zen?) Zen?)

Rik Hoekstra hoekstra@fsw.leidenuniv.nl
Thu, 23 Sep 1999 09:38:25 +0200 

Date sent:      	Tue, 21 Sep 1999 21:04:48 +0200
To:             	"Ross J. Reedstrom" <reedstrm@wallace.ece.rice.edu>, zope@zope.org
From:           	Martijn Pieters <mj@antraciet.nl>
Subject:        	Re: [Zope] Security and containment (was Re: [Zope]
 	Acquisition? Did I just lose my Zen?) Zen?)

> At 19:25 21-9-99 , Ross J. Reedstrom wrote:
> >This doesn't answer Martijn's question, though, about overriding the root
> >standard_header and standard_footer, overcoming the order-of-aquisition
> >problem. Any clever ideas out there?
> 
> I have a few ideas, just haven't had the time to work them out yet. I have 
> a deadline on a paper on Thursday, and an important exhibition tomorrow.
> 
> Basically I do this:
> 1. Only one standard_html_header and -_footer, that include context_header 
> and -_footer.
> 2. frames and noframes standard_html_header and -_footer renamed to 
> context_header and -_footer.
> 3. A third folder (lets name it content) that has the old root folder 
> standard_html_header and -_footer copied to context_header and -_footer.
> 4. Hack standard_error_message to look out for a AttributeError on 
> context_header. If it occurs, a direct URL to content (without a /frames, 
> /noframes or /content prefix) was called, so we redirect with a prepended 
> /frames or /noframes (depending on the cookie).
> 
> Now a frameset uses the same URL, but with /content prepended.
> 
> So:
> /frames/home gives you a frameset with in the content frame the page 
> /content/home. The no-frames version has the URL /noframes/home
> 

Martijn,

as you point out, there are many solutions (all a bit hackish). Just 
one more _very_ simple idea, which is at least a solution to some of 
these problems:  changing the order of objects also changes the order 
of acquisition. I can't quite judge your case, but if you change a 
URL  from frames/Personal to Personal/frames the result may well be 
something different. 

Just simplifying

Rik