If I have a Z SQL method set up as /query on my Zope site, how is it possible for me to disallow direct accesses to it via a URL (like http://localhost/query) ? If I cannot, then what is the convention people use to store objects which are not supposed to be visible directly? Thanks.