[Zope] [Ann] Protecting DTML objects from Web-Access
Ng Pheng Siong
ngps@post1.com
Sun, 15 Apr 2001 23:19:07 +0800
On Sat, Apr 14, 2001 at 05:36:43PM +0200, Dieter Maurer wrote:
> Several times, I heard
> the wish to protect objects from access through the Web
> while they are otherwise (i.e. from DTML, Python Script, ...)
> usable as normal. This requirement prevents using the "View"
> permission as it covers both access from the Web and
> internally.
I have a product called GuardedFile:
GuardedFile provides a convenient way to create Zope
File objects that are accessible by proxy only.
When a GuardedFile is created, all acquired permissions are unset.
A proxy role is created in its container with the sole permission
"View".
When the GuardedFile is deleted, its associated proxy role is also
removed.
To use a GuardedFile, your DTML method or whatever needs to be assigned
the proxy role.
Essentially, the familiar setuid mechanism.
Not sure if that's what you're looking for, though.
Cheers.
--
Ng Pheng Siong <ngps@post1.com> * http://www.post1.com/home/ngps