[Zope] Running Management Interface on Separate HTTP Port
R. David Murray
R. David Murray" <bitz@bitdance.com
Fri, 25 Feb 2000 09:55:02 -0500 (EST)
On Fri, 25 Feb 2000, Hannu Krosing wrote:
> Michel Pelletier wrote:
> > Zope does not differentiate between managment methods and, say, DTML
> > methods that are public (other than authenticating them against Zope's
> > security system, of course). They are all just objects in an object
> > space.
>
> Putting management interface on a different port has the added benefit thet
> browser automatically sends different authentication for management interface
> and 'user' pages.
And it has the disadvantage, IMO, that Zope not only does not make
a distinction between management and non-management methods, it also
does not make a distinction between managers and non-managers. Or,
rather, management is distributed, subtree-specific, and finely
tailorable. The only distinction it would be easy to make is between
methods that start with "manage" and ones that don't, *in the URL*.
But there are other ways to access management methods, under control
of Zope's security mechanisms. Your security model gets a little
muddy and ambiguous in that event, it seems to me.
Personally, I don't think trying to shoehorn a split management/access
interface on top of Zope's fine grained security model is a good idea.
The nice thing about Open Source, though, is that if you want to take
a hack at it, you can <grin>.
--RDM