[Zope] Running Management Interface on Separate HTTP Port

R. David Murray R. David Murray" <bitz@bitdance.com
Fri, 25 Feb 2000 09:55:02 -0500 (EST)


On Fri, 25 Feb 2000, Hannu Krosing wrote:
> Michel Pelletier wrote:
> > Zope does not differentiate between managment methods and, say, DTML
> > methods that are public (other than authenticating them against Zope's
> > security system, of course).  They are all just objects in an object
> > space. 
> 
> Putting management interface on a different port has the added benefit thet 
> browser automatically sends different authentication for management interface 
> and 'user' pages.

And it has the disadvantage, IMO, that Zope not only does not make
a distinction between management and non-management methods, it also
does not make a distinction between managers and non-managers.  Or,
rather, management is distributed, subtree-specific, and finely
tailorable.  The only distinction it would be easy to make is between
methods that start with "manage" and ones that don't, *in the URL*.
But there are other ways to access management methods, under control
of Zope's security mechanisms.  Your security model gets a little
muddy and ambiguous in that event, it seems to me.

Personally, I don't think trying to shoehorn a split management/access
interface on top of Zope's fine grained security model is a good idea.
The nice thing about Open Source, though, is that if you want to take
a hack at it, you can <grin>.

--RDM