[Zope] Re: Re: [Security] How to encrypt a Zope oid ?

Sinclair fred.duwez at freesurf.fr
Mon Sep 15 03:24:51 EDT 2003


> It's not a question of English or French...
>
> The final user's browser needs to understand the final URL, doesn't it?
> That limits your ability to conceal or encrypt the URL...

OK, but with Zope, you can build a application controller who call decode
parameters and call the real zope object. Or a simple page page controller
who encrypt his parameters :

Example : a document has url :
 $ZOPE/.../document_manager/document_37.

I wish the displayed url looks like :
$ZOPE/.../document_manager?document=k2316fge54dsgb51v3vsdv4

That is the document_manager who translates an unreadable parameter to
document real url.

What I want to avoid is somebody trying to access manually to document_38,
document_39, etc., just to add more security...

Sinclair






More information about the Zope mailing list