[Zope] Secure file downloading problem

Lubos Culen mirsoft@gmx.net
Mon, 17 Feb 2003 18:37:01 +0100


Dylan,

thank you very much for help, it works - I'm only not able to "return the 
contents of F with method M" (simple RESPONSE.redirect doesn't work because 
then it reads directly the files which it has not privileges to access) - 
is there some easy way to return file contents using method M?

Thanks,

Lubos.

On Thu, 13 Feb 2003 08:52:32 -0800, Dylan Reinhardt 
<zope@dylanreinhardt.com> wrote:

> Assume you have file F and method M.
>
> Ensure that nobody but a Manager has any privileges for F.  This will 
> have the effect of making it unobtainable directly.
>
> Set up M so that it performs whatever security dance is required and 
> returns the contents of F when appropriate.  Give M the proxy role of 
> Manager so that it can gain access to F.
>
> If you want to get a little more tricky, create a new role that's used 
> just for this purpose.  Give that role permissions on F and run M in that 
> proxy role.
>
> As far as the user or their software is concerned, file F will have M's 
> URL.
>
> HTH,
>
> Dylan
>
>
> At 07:39 AM 2/13/2003, Lubos Culen wrote:
>> Hi!
>>
>> I have simple task to develop in Zope - make secure files available for 
>> download, but the user shouldn't see the REAL URL of the files (neither 
>> in browser nor in any download manager). Is it possible to do this 
>> through Zope? Thanks for answer,
>>
>> Lubos.
>>
>>
>> _______________________________________________
>> Zope maillist  -  Zope@zope.org
>> http://mail.zope.org/mailman/listinfo/zope
>> **   No cross posts or HTML encoding!  **
>> (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
>> http://mail.zope.org/mailman/listinfo/zope-dev )
>
>



-- 
Regards,
Lubos Culen (Mirsoft)
 INFO: http://www.mirsoft.info
ICQ: 658788