[Zope] Product or Custom for Auth.
Dario Lopez-Kästen
dario at ita.chalmers.se
Tue Sep 7 17:18:10 EDT 2004
Jason Leach wrote:
> Zope:
>
> If I need to authentication agains a SQL db, is it worth using a
> product like PluggableUserFolder or can I just whip up a form, query
> and PythonScript to do this? I don't need to add or manage users, just
> authenticate them? Check user/passwd.
>
> Jason.
Hello,
if you want your users to be full Zope users, then yes, you need to use
a custom User folder. If not, then you need to make sure that each and
every request includes a call to your auth function and validates each
request to make sure that the user is still online.
There are some use cases when this is acceptable (I have developed such
as system with TTW code and it works very well), however this measn that
you are totally by-passing Zope security; i.e. Zope will conisder each
request as made by the anonymous user.
If this is not what you expect, then I suggest you study what userfolder
repalcements are avialble.
Fos CPS I think (not sure) you need to find a plug-in for Pluggable User
Folder; if you are not using CPS then I can recommend, Extensible User
Folder (XUF) which is sort of like the swiss-army knife of user folders
or SimpleUSerFolder which is really simple bu is designed specifically
for this use case.
Hope this helps
/dario
--
-- -------------------------------------------------------------------
Dario Lopez-Kästen, IT Systems & Services Chalmers University of Tech.
More information about the Zope
mailing list