[Zope] Access Permission by Domain and without Login?

Dieter Maurer dieter at handshake.de
Sun Jun 13 06:43:39 EDT 2004


Passin, Tom wrote at 2004-6-11 15:08 -0400:
>For a Zope 2.7/Plone 2 site, I would like to restrict (otherwise)
>anonymous access to certain specific pages or methods to people making
>the request from specific domains.  I know that I can specify a domain
>for a particular user, but I want this to apply to anyone, without any
>special per-user configuration, and without requiring a login.
>
>Also I want to do this without putting Zope behind Apache or any other
>proxy, if this is possible.  
>
>I don't recall seeing this discussed.  Does anyone have suggestions as
>to how to accomplish this?

It has been discussed -- several times...

Zope contains an old feature: users without password but with domain
restriction. Zope is ready to perform an automatic login for such
users.

The feature is now considered arcane and a security risk.
It is disabled by default but you can enable it.
Looking at the source ("AccessControl.User") or searching
the archives will reveal the necessary details.

-- 
Dieter



More information about the Zope mailing list