[Zope] Secure file downloading problem
Lubos Culen
mirsoft@gmx.net
Mon, 17 Feb 2003 18:37:01 +0100
Dylan,
thank you very much for help, it works - I'm only not able to "return the
contents of F with method M" (simple RESPONSE.redirect doesn't work because
then it reads directly the files which it has not privileges to access) -
is there some easy way to return file contents using method M?
Thanks,
Lubos.
On Thu, 13 Feb 2003 08:52:32 -0800, Dylan Reinhardt
<zope@dylanreinhardt.com> wrote:
> Assume you have file F and method M.
>
> Ensure that nobody but a Manager has any privileges for F. This will
> have the effect of making it unobtainable directly.
>
> Set up M so that it performs whatever security dance is required and
> returns the contents of F when appropriate. Give M the proxy role of
> Manager so that it can gain access to F.
>
> If you want to get a little more tricky, create a new role that's used
> just for this purpose. Give that role permissions on F and run M in that
> proxy role.
>
> As far as the user or their software is concerned, file F will have M's
> URL.
>
> HTH,
>
> Dylan
>
>
> At 07:39 AM 2/13/2003, Lubos Culen wrote:
>> Hi!
>>
>> I have simple task to develop in Zope - make secure files available for
>> download, but the user shouldn't see the REAL URL of the files (neither
>> in browser nor in any download manager). Is it possible to do this
>> through Zope? Thanks for answer,
>>
>> Lubos.
>>
>>
>> _______________________________________________
>> Zope maillist - Zope@zope.org
>> http://mail.zope.org/mailman/listinfo/zope
>> ** No cross posts or HTML encoding! **
>> (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
>> http://mail.zope.org/mailman/listinfo/zope-dev )
>
>
--
Regards,
Lubos Culen (Mirsoft)
INFO: http://www.mirsoft.info
ICQ: 658788