[Zope] how to prevent URL access to an external method?
Jonathan (dev101)
dev101 at magma.ca
Tue Apr 28 11:08:03 EDT 2009
Within the ExternalMethod you could check the ACTUAL_URL variable (in
REQUEST) and if the name of the external method is found you could redirect
the user to a "you're a baaad user" page.
Jonathan
----- Original Message -----
From: "Pedro LaWrench" <pedrolawrench at yahoo.com>
To: <zope at zope.org>
Sent: Tuesday, April 28, 2009 11:04 AM
Subject: [Zope] how to prevent URL access to an external method?
I need to do something on the filesystem, which requires unrestricted
python, so I created an external method. The problem is that anyone can call
that directly via URL, so I added a permission check. Even then, users with
the sufficient permissions can call this via URL, which I don't want them to
do. I only want them to have access indirectly from other pages (such as a
page template that will pass sane parameters). Is there anyway to do this?
Thanks,
PL
_______________________________________________
Zope maillist - Zope at zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
--------------------------------------------------------------------------------
No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.0.238 / Virus Database: 270.12.6/2084 - Release Date: 04/28/09
06:15:00
More information about the Zope
mailing list