[Zope] Re: Re: [Security] How to encrypt a Zope oid ?
Sinclair
fred.duwez at freesurf.fr
Mon Sep 15 03:24:51 EDT 2003
> It's not a question of English or French...
>
> The final user's browser needs to understand the final URL, doesn't it?
> That limits your ability to conceal or encrypt the URL...
OK, but with Zope, you can build a application controller who call decode
parameters and call the real zope object. Or a simple page page controller
who encrypt his parameters :
Example : a document has url :
$ZOPE/.../document_manager/document_37.
I wish the displayed url looks like :
$ZOPE/.../document_manager?document=k2316fge54dsgb51v3vsdv4
That is the document_manager who translates an unreadable parameter to
document real url.
What I want to avoid is somebody trying to access manually to document_38,
document_39, etc., just to add more security...
Sinclair
More information about the Zope
mailing list