[ZWeb] Zope-web syndication
ethan mindlace fremen
Thu, 15 Jun 2000 20:44:45 -0600
Karl Anderson wrote:
> When I think of syndication, I think of exposing content to someone
> that you don't necessarily trust. You seem to only be suggesting
> in-house type syndication now, right?
Not particularly, although I am thinking that the syndication extends in house,
that is, zope.org, zope.net, and zope.com are all views on the storage server's
> The MountedDatabases page doesn't mention any security controls -
> something in a mounted storage is just as trusted as in your primary
> storage. Same with zeo,
The Zeo Fact Sheet says:
To support distribution to externally controlled Zope sites, the ZSS can
restrict connections (1) by address, (2) require a security key, and/or (3)
permit read-only access. These features make ZEO a good fit for the classic
> plus you trust all clients completely to be
> what they claim to be (for example, you trust them when they say "this
> user has been id'd with basic http authentication"). Is this correct?
What I would assume is that certain, trusted sites (like the ZDP) would have
read-write access. I believe that if the ZDP wanted to do clever enough things
to their copy of zope they could contravene security measures in the ZODB, but I
don't know enough about the security mechanisms to say.
> So this isn't a model like, say, exporting a static CVS site read-only
> with the hosts provididing their own standard_dtml_header type
> objects. Or could it be made into one? Or is that not your direction
> at all?
I think that is what I am trying to do. I assumed that if the objects in the
storage server was made availiable read-only, even if a client server connected
to it was mounted in an arbitrary foreign Zope, it would not pose a security
risk to the objects in the storage server.