[Zope] Access Permission by Domain and without Login?
Dieter Maurer
dieter at handshake.de
Sun Jun 13 06:43:39 EDT 2004
Passin, Tom wrote at 2004-6-11 15:08 -0400:
>For a Zope 2.7/Plone 2 site, I would like to restrict (otherwise)
>anonymous access to certain specific pages or methods to people making
>the request from specific domains. I know that I can specify a domain
>for a particular user, but I want this to apply to anyone, without any
>special per-user configuration, and without requiring a login.
>
>Also I want to do this without putting Zope behind Apache or any other
>proxy, if this is possible.
>
>I don't recall seeing this discussed. Does anyone have suggestions as
>to how to accomplish this?
It has been discussed -- several times...
Zope contains an old feature: users without password but with domain
restriction. Zope is ready to perform an automatic login for such
users.
The feature is now considered arcane and a security risk.
It is disabled by default but you can enable it.
Looking at the source ("AccessControl.User") or searching
the archives will reveal the necessary details.
--
Dieter
More information about the Zope
mailing list