Metadata in zope / binary data on FS,
was Re: [ZODB-Dev] __del__ with Persistent objects
Stuart Bishop
stuart.b at commonground.com.au
Sat Jul 19 03:30:15 EDT 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Saturday, July 19, 2003, at 01:58 AM, Paul Winkler wrote:
> The problem is not just storage bloat, I've found that Zope
> performance simply sucks when serving large files. A couple of
> simultaneous requests for a 40 MB file can make zope crawl :-(
> So I'm needing to implement something similar, and wondering...
>
> 1) is there any existing zope product that does this job? metadata in
> zope, binary files on disk served by apache or whatever?
If there isn't, I'm happy to post my code as a starting point (it is
currently application specific, but it would be hardly any work to make
it more generic). Putting a reverse proxy in front of Zope may speed
things
up dramatically (Zope may be able to punt the file to squid quickly,
rather than slowly feed the file over the Internet to the client -
unsure).
> 2) has anybody used APE on a production site to handle filesystem
But this may be a better starting point...
> The biggest problem I see: security.
> First of all, both apache and zope need to read the binary files, but I
> don't want apache to be able to read just anything in the zope tree.
> Worse, some of my binary files need to be password-protected :-\
> OK, mod_ldap and LdapUserFolder should take care of centralized
> authentication, but how the heck are my content managers going to
> control
> access to the apache-served stuff? Maybe the zope product could
> generate an .htaccess file based on security settings? hell, I dunno.
I think the trick would be to redirect (if the user is allowed access)
to
a random path (generated with a symlink at the same time as the
redirect is
issued), which would then be cleaned up perhaps half an hour later
via cron. I like the idea of the .htaccess file (although I'm stuck with
cookie auth, and I don't know if Apache could be abused to allow access
based on the Zope2 session id or an auth cookie).
- --
Stuart Bishop <zen at shangri-la.dropbear.id.au>
http://shangri-la.dropbear.id.au/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (Darwin)
iD8DBQE/GCCbh8iUz1x5geARAnfLAKCuVrGOfkHq2pi4lSAmeRVrqH7phgCeNGiN
GX0QqselhwBYSVyuHUEP3as=
=WgyX
-----END PGP SIGNATURE-----
More information about the ZODB-Dev
mailing list