[Zope] Re: Re: [Security] How to encrypt a Zope oid ?
Dylan Reinhardt
zope at dylanreinhardt.com
Mon Sep 15 13:06:55 EDT 2003
> > Example : a document has url :
> > $ZOPE/.../document_manager/document_37.
> >
> > I wish the displayed url looks like :
> > $ZOPE/.../document_manager?document=k2316fge54dsgb51v3vsdv4
I can't imagine *why* you think that would be more secure. My guess
would be that this is *less* secure, if anything, since document_manager
will need to have the largest possible permission set to work
correctly. It would become a single point of failure with greater
security implications than the failure of any one piece it manages.
But if you really must, it's easy enough. Make document_manager a
Python script that has one giant mapping of object ids and "encoded"
ids. For a request to the "encrypted" id, return the contents of a call
to the object specified in your mapping.
But I think you're working hard to reinvent a wheel here, and I'm not
convinced your proposed wheel is even round. :-) You'll probably be
better off spending this time becoming familiar with Zope's existing
security model.
HTH,
Dylan
More information about the Zope
mailing list