[Zope] Granting access by reading http headers

Chris Withers chris at simplistix.co.uk
Thu Feb 16 03:34:45 EST 2006


Marc Schnapp wrote:
> We're running Plone for internal departmental use. I'm going to lock 
> down most of the content, requiring a login to view sensitive documents. 
> But I also want our Google Mini appliance to crawl all content. 

Google Mini can do http basic auth, right? If so, you're fine, just put 
in the basic auth details and define a user in acl_users. Provided the 
mini presents the credentials without first being challenged by a 401, 
you'll be fine...

> 1) Is this approach viable? (What are the pitfalls?)

I'd worry about headers being spoofed...

> 2) What python module is consulted to determine access rights when a 
> page request is made?

The user folder, in your case it'll be the hell known as GRUF. Swap that 
out for the hell known as PAS ;-)

> 2) Is this difficult to implement if one has rudimentary Python skills? 

Yes.

cheers,

Chris

-- 
Simplistix - Content Management, Zope & Python Consulting
            - http://www.simplistix.co.uk
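
The spoofing concern and the basic auth alternative from the reply above, as an added example that is not part of the original post and is not Zope, GRUF or PAS code. The header choice (`User-Agent`), the crawler name and the credentials are constructed for illustration, and header lookup is a plain case-sensitive dict for brevity.

```python
import base64
import hmac

# Constructed crawler account (assumption; in Zope the user would be defined in acl_users).
CRAWLER_USER = "crawler"
CRAWLER_PASSWORD = "constructed-example-secret"


def allow_by_user_agent(headers):
    """Weak: trusts a value the client chooses, so any client can claim to be the crawler."""
    return "example-crawler" in headers.get("User-Agent", "")


def make_basic_header(user, password):
    """Build the Authorization value a client sends when it authenticates up front."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return "Basic " + token


def parse_basic_auth(headers):
    """Return (user, password) from Authorization: Basic, or None if absent or malformed."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def allow_by_basic_auth(headers):
    """Stronger: access depends on a secret, compared in constant time."""
    creds = parse_basic_auth(headers)
    if creds is None:
        return False
    user_ok = hmac.compare_digest(creds[0].encode(), CRAWLER_USER.encode())
    pw_ok = hmac.compare_digest(creds[1].encode(), CRAWLER_PASSWORD.encode())
    return user_ok and pw_ok


def respond(headers):
    """Status a protected page returns: 200 with valid credentials, otherwise a 401 challenge."""
    return 200 if allow_by_basic_auth(headers) else 401
```

A crawler that only sends its identifying header gets 401 from `respond`, while one that sends `make_basic_header(...)` on the first request gets 200 without ever seeing a challenge.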


