[Zope] Re: Granting access by reading http headers

[Tres Seaver]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Marc Schnapp wrote:
> We're running Plone for internal departmental use. I'm going to lock
> down most of the content, requiring a login to view sensitive documents.
> But I also want our Google Mini appliance to crawl all content. The
> problem is that the appliance does not accept cookies. So Plone and Zope
> don't recognize a user account as the crawler attempts to move through
> links.
> 
> I am thinking of granting the Google Mini appliance "transparent" access
> by reading the http headers of incoming requests and granting access if:
>  - the header includes the correct client string
>    AND
>  - The IP address of the requesting machine is owned by the Google Mini
> host.
> 
> Questions:
> 
> 1) Is this approach viable? (What are the pitfalls?)
> 
> 2) What python module is consulted to determine access rights when a
> page request is made?
> 
> 2) Is this difficult to implement if one has rudimentary Python skills?
> (Or is there already sample code out there to do something like this? I
> couldn't find any.)

Such a policy would be trivial to implement in using the
ScriptablePlugin within a PluggableAuthenticationService user folder.
Even in a "stock" user folder, if you know the IP of the appliance, you
can create a user and set the "domain" field to that IP, granting it the
roles which allow it to view the site:  as long as nobody else can spoof
that IP, you should be fine.


Tres.
- --
===================================================================
Tres Seaver          +1 202-558-7113          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFD9AUY+gerLs4ltQ4RAnAgAKCn1lhuY8UfdH1xj18ycuTgqGhzHgCg1ALi
Za9/wpDb04vRTncZiQrr7S0=
=UFug
-----END PGP SIGNATURE-----