[Zope] Access Permission by Domain and without Login?

sathya sathya at zeomega.com
Mon Jun 14 11:35:40 EDT 2004


Jens Vagelpohl wrote:

> Those can be spoofed as well. There's no increased security there.
> 
Hello Jens
is the domain filtering in zope going by the client ip in the http header ?

i assume you mean the clientip  value in the http header can be set to 
any value without affecting the actual IP it originated from ?

if thats the case then domain filtering in zope is not useful in my 
opinion. please point out fallacies in my reasoning if any :)

ty
sathya

> jens
> 
> On Jun 14, 2004, at 10:57 AM, Passin, Tom wrote:
> 
>> I asked for suggestions on restricting access to otherwise
>> anonymously-accessable pages and methods.  It has been pointed out to me
>> off line that that restriction by domain *name* can have security
>> problems.  But my terminology was misleading, becaues that is not quite
>> what I had in mind.
>>
>> I am asking about restriction by specific IP number ranges, like
>> 140.90.*.*, not by domain *name*.
>>
>> Cheers,
>>
>> Tom P
>>
>>>
>>> For a Zope 2.7/Plone 2 site, I would like to restrict
>>> (otherwise) anonymous access to certain specific pages or
>>> methods to people making the request from specific domains.
>>> I know that I can specify a domain for a particular user, but
>>> I want this to apply to anyone, without any special per-user
>>> configuration, and without requiring a login.
>>>
>>> Also I want to do this without putting Zope behind Apache or
>>> any other proxy, if this is possible.
>>>
>>> I don't recall seeing this discussed.  Does anyone have
>>> suggestions as to how to accomplish this?
>>
>>
>> _______________________________________________
>> Zope maillist  -  Zope at zope.org
>> http://mail.zope.org/mailman/listinfo/zope
>> **   No cross posts or HTML encoding!  **
>> (Related lists -
>>  http://mail.zope.org/mailman/listinfo/zope-announce
>>  http://mail.zope.org/mailman/listinfo/zope-dev )
> 
> 
> 
> _______________________________________________
> Zope maillist  -  Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope-dev )




More information about the Zope mailing list