[Zope] [Fwd: Re: [Zope-dev] Zope components and revision control with cvs]
Shane Hathaway
shane@zope.com
Wed, 07 Aug 2002 09:57:48 -0400
Just making sure this message winds up in the right place. Mehran would
like some help.
Shane
Date: Mon, 5 Aug 2002 19:48:07 -0700 (PDT)
From: Mehran erfani <mehran_erfani@yahoo.com>
Subject: Re: [Zope-dev] Zope components and revision control with cvs
To: Dieter Maurer <dieter@handshake.de>, Shane Hathaway <shane@zope.com>
Hi Guys,
I would appreciate it if any of you can give me
his/her opinion on the following.....
First I am a rookie! then --->
Here is the scenario :
I am trying to have a login/logout page for my
site. What I did, is : I created a page that anyone
can access. then they enter their user name and
password. I verify that with my Database and then....
I set a variable in session to ok, just like a flag.
Here is the page that goes to backend DB:
<dtml-if "CheckPassWithDB(password)">
  <dtml-call "REQUEST.SESSION.set('myflag', 'ok')">
  <dtml-call "RESPONSE.redirect('somepage')">
<dtml-else>
  Incorrect password, access denied!!!
</dtml-if>
Now each time this user wants to access any of my
pages I check that variable, if it is set to ok....I
give them access to that page, if not....I send them
to a page that says they are not allowed to access the
page.
So every page in my site has at the top :
<dtml-with "SESSION.getSessionData()">
<dtml-let x="get('myflag')" >
<dtml-if "x=='ok'">
  run the page.
<dtml-else>
  Access denied!!!
</dtml-if>
</dtml-let>
</dtml-with>
This way I tried to bypass the usual pop up box of
zope and authenticate users with my backend database.
Does this sound to you as a correct way of doing
things? Security wise....do you see any problem with
this?
I know this is very primitive, but this is only thing
I knew. What do you think, am I totally off?
I thank you and appreciate your help.
I hope I can be of assistance someday.
Mehran
--- Dieter Maurer <dieter@handshake.de> wrote:
> Shane Hathaway writes:
> > It's really only a theoretical problem. To store the extra data about
> > folderish objects, you can save the data in a hidden file called, for
> > example, ".properties". The theoretical problem is that someone might
> > give an object that name, since it's perfectly legal. In practice, you
> > can just prevent people from creating Zope objects with a name that starts
> > with a dot. 99% of the users won't mind at all, and those that do can
> > use two dots instead. :-)
> The real problem (in my view) are ObjectManagers that are contained
> in Non-Object-Managers. Furthermore, splitting/folding ObjectManagers
> in the sense that you start/stop managing the individual content.
>
> Dieter
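Added example, not part of the original message or of Zope: the scheme in the message protects a page only if that page carries the session-flag check and wraps all of its content in it, so a page saved without the check is served to anyone. The Python sketch below audits page sources for that exact guard; the page ids, the sample bodies and the function names are constructed for illustration, and it assumes the DTML sources are available as strings.

```python
import re

# Opening sequence of the per-page check from the message, whitespace-tolerant.
GUARD = re.compile(
    r"""\s*<dtml-with\s+"SESSION\.getSessionData\(\)"\s*>"""
    r"""\s*<dtml-let\s+(\w+)\s*=\s*"get\('myflag'\)"\s*>"""
    r"""\s*<dtml-if\s+"(\w+)\s*==\s*'ok'"\s*>""")
# Opening and closing dtml-if tags (simplification: no '>' inside the expression).
IF_TAG = re.compile(r"<(/?)dtml-if\b[^>]*>")

def audit_page(source):
    """Return 'guarded', or a finding saying why the page is not fully covered."""
    m = GUARD.match(source)
    if not m:
        return "no guard at top of page"
    if m.group(1) != m.group(2):
        return "guard tests a different variable than it binds"
    depth = 1  # inside the guard's own dtml-if
    for tag in IF_TAG.finditer(source, m.end()):
        depth += -1 if tag.group(1) else 1
        if depth == 0:
            # Only the closing let/with tags may follow the guard block.
            tail = re.sub(r"</dtml-(?:let|with)>", "", source[tag.end():])
            return "guarded" if not tail.strip() else "content after guard block"
    return "guard block never closed"

def audit_site(pages):
    """Map each page id to its finding."""
    return {name: audit_page(src) for name, src in pages.items()}

# Constructed sample pages (hypothetical ids and bodies).
TOP = ("<dtml-with \"SESSION.getSessionData()\">\n"
       "<dtml-let x=\"get('myflag')\" >\n"
       "<dtml-if \"x=='ok'\">\n")
END = "<dtml-else>\nAccess denied!!!\n</dtml-if>\n</dtml-let>\n</dtml-with>\n"
PAGES = {
    "report": TOP + "run the page.\n" + END,
    "admin": "<h1>Admin</h1>\n<dtml-var user_table>\n",
    "export": TOP + "rows\n" + END + "<dtml-var export_all>\n",
}

if __name__ == "__main__":
    for name, finding in audit_site(PAGES).items():
        print(f"{name}: {finding}")
```

Any finding other than "guarded" marks a page that renders some or all of its content without consulting the session flag.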