[Zope] Management View
Edward Hartfield
ehartfield at savingtree.com
Thu Sep 9 10:30:51 EDT 2004
Johan Carlsson wrote:
Why do you need different authentication logic?
My client wants to do form-based authentication and have user data
stored in a database so they can manage users without having to know
anything about Zope. My idea is to create a folder object that can be
given a method (AuthenticateMethod) to call when someone tries to
traverse the folder's contents. AuthenticateMethod returns true or
false. The folder itself knows nothing of the authentication scheme.
That's AuthenticateMethod's concern.
My partner and I agree that it doesn't make sense to throw away Zope's
built-in security. But we don't like the hack required to logout a user
with basic authentication. Also, we need to implement a record-level
authorization scheme. The easiest, most cost-effective way to do this
seems to be using a database to define user permissions just the way we
want.
I'd welcome any thoughts you or anyone else might have.
More information about the Zope
mailing list