[Zope] "Hiding" a Zope object from URL accesses

[Rik Hoekstra]

>
> If I have a Z SQL method set up as /query on my Zope site, how is it
> possible for me to disallow direct accesses to it via a URL (like
> http://localhost/query) ? If I cannot, then what is the convention people
> use to store objects which are not supposed to be visible directly?
>

AFAIK there is no way of hiding an object in Zope
One way of doing this is probably by
1) never calling it directly, but always from another method or document
2) moving it to a folder/objectmanager that has security settings so that it
will not let anyone in (apart from the manager) and a special role that you
use exclusively as a proxy role for the methods calling your query

hth

Rik