[Zope] Secure file downloading problem
Dylan Reinhardt
zope@dylanreinhardt.com
Thu, 13 Feb 2003 08:52:32 -0800
Assume you have file F and method M.
Ensure that nobody but a Manager has any privileges for F. This will have
the effect of making it unobtainable directly.
Set up M so that it performs whatever security dance is required and
returns the contents of F when appropriate. Give M the proxy role of
Manager so that it can gain access to F.
If you want to get a little more tricky, create a new role that's used just
for this purpose. Give that role permissions on F and run M in that proxy
role.
As far as the user or their software is concerned, file F will have M's URL.
HTH,
Dylan
At 07:39 AM 2/13/2003, Lubos Culen wrote:
>Hi!
>
>I have simple task to develop in Zope - make secure files available for
>download, but the user shouldn't see the REAL URL of the files (neither in
>browser nor in any download manager). Is it possible to do this through
>Zope? Thanks for answer,
>
>Lubos.
>
>
>_______________________________________________
>Zope maillist - Zope@zope.org
>http://mail.zope.org/mailman/listinfo/zope
>** No cross posts or HTML encoding! **
>(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
>http://mail.zope.org/mailman/listinfo/zope-dev )