[Zope] "Hiding" a Zope object from URL accesses
Rik Hoekstra
rik.hoekstra@inghist.nl
Fri, 26 Jan 2001 14:49:02 +0100
>
> If I have a Z SQL method set up as /query on my Zope site, how is it
> possible for me to disallow direct accesses to it via a URL (like
> http://localhost/query) ? If I cannot, then what is the convention people
> use to store objects which are not supposed to be visible directly?
>
AFAIK there is no way of hiding an object in Zope
One way of doing this is probably by
1) never calling it directly, but always from another method or document
2) moving it to a folder/objectmanager that has security settings so that it
will not let anyone in (apart from the manager) and a special role that you
use exclusively as a proxy role for the methods calling your query
hth
Rik