[Zope] zope access to external files

Ricardo Anguiano anguiano@codesourcery.com
04 Mar 2003 10:37:51 -0800


Dylan Reinhardt <Dylan@DylanReinhardt.com> writes:

> At 09:29 AM 3/4/2003, Ricardo Anguiano wrote:
> > 1. I want to restrict file access by user.
> >
> > 2. I want to serve objects from zope to accomplish objective
> >    #1 above, but I want the objects to be in the filesystem.
> 
> You can do that with Zope, but reading between the lines a bit,
> these sound like static files you're serving.

The files will be updated nightly.  The distinction between static
files which are updated often and dynamic content has never been clear
to me.  The files are large so I don't want to stick them into the
zope db.

> If so, I'd recommend putting Apache in front of Zope and letting
> Apache handle it with a RewriteRule like:
> 
> RewriteRule ^/files/(.*) /home/httpd/mysite/files/$1 [L]
> 
> It doesn't get much easier than that.  ;-)

True, but this option was rejected because there was no
authentication.  We could do a .htaccess thing, but we are already
using zope and it already does users nicely.

> Zope should (IMO) be used primarily for serving dynamic content.
> It's fantastic at what it does well, but it just doesn't hold a
> candle to Apache for serving static content... nor should it.
> They're two very different tasks.
> 
> > I want to be able to say, "The contents of directory X are
> > available only to user Y."
> 
> This isn't a great idea, for the most part.  If you're looking for
> more than trivial security, I wouldn't volunteer information like
> that.

Hmm.  I don't understand. Zope provides lots of control over users,
roles and content.  Are you saying I should ignore that framework and
use something else?

Zope's access control, users, passwords and SSL meet our needs.  The
only other thing I can think to do in this case is to issue SSL client
certs to verify the user's identity.  Users already access the content
via https only and have no local access to the machine.

> >http://www.codesourcery.com
> 
> Cool domain name. :-)

Thanks, I can't take credit for that one. :)

[PS: apache+ssl+zope+localfs seems to be doing the job nicely. It took
me a few minutes this morning.]

-- 
Ricardo Anguiano
http://www.codesourcery.com
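
Added example, not part of the original message and not Zope or LocalFS code: a sketch of the "directory X is available only to user Y" check for files kept on the filesystem, resolving the requested path before authorizing so that `..` segments and symlinks cannot reach another user's directory. The ACL mapping, user names, directory names and function names are all hypothetical.

```python
import os
import tempfile

# Hypothetical policy: top-level directory name -> users allowed to read it.
DIRECTORY_ACL = {
    "customer_a": {"alice"},
    "customer_b": {"bob"},
}


def resolve_for_user(root, user, requested, acl=DIRECTORY_ACL):
    """Return the real path of `requested` under `root` if `user` may read it, else None."""
    root_real = os.path.realpath(root)
    # Canonicalise first so "..", absolute paths and symlinks cannot escape the root.
    candidate = os.path.realpath(os.path.join(root_real, requested.lstrip("/")))
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    # Authorise on the directory the file really lives in, not the one named in the URL.
    top = os.path.relpath(candidate, root_real).split(os.sep, 1)[0]
    if user not in acl.get(top, set()):
        return None
    return candidate if os.path.isfile(candidate) else None


def build_sample_tree():
    """Constructed sample data: two per-user directories with one file each."""
    root = tempfile.mkdtemp(prefix="files-")
    for name in ("customer_a", "customer_b"):
        os.mkdir(os.path.join(root, name))
        with open(os.path.join(root, name, "nightly.tar"), "w") as fh:
            fh.write(name)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for user, path in [("alice", "customer_a/nightly.tar"),
                       ("alice", "customer_b/nightly.tar"),
                       ("alice", "customer_a/../customer_b/nightly.tar"),
                       ("bob", "../../etc/passwd")]:
        print(user, path, "->", resolve_for_user(root, user, path))
```

Only the first request in the demo loop returns a path; the other three return `None`.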