[Zope] extensions (.html .gif), security, and multilanguage sites

Dieter Maurer dieter@handshake.de
Sat, 17 Feb 2001 15:35:46 +0100 (CET) 

CARL ROBERT BLESIUS writes:
 >   - file extensions... will we have problems programming
 >     with python if we use extensions (e.g. index.html
 >     melanoma.jpg) in Zope 2.3 or is there a way around it?
 >     We do not want to confuse users (index_html!?).
Objects with such ids are more difficult to access
in Python (not DTML) as the '.' is invalid in Python names.

   You cannot use "Attribute Access Syntax" (i.e. object.attribute)
   but need to use a function for access.

   You will not use any functionality but your code will
   look a bit uglier.

 >   - the sites we are building will be multilingual
answered by someone else...

 > A ZClass with customized DTML Documents and DTML Methods which have special
 > properties? The properties that come to mind at the moment are:
 >  - Language
 >  - Template (According to branch of site and language)
 >  - Author
 >  - Author email
 >  - Publish (Yes or No)
It is no problem to give the ZClass these additional properties.
It is no problem, too, to give it to DTML Documents;
DTML Methods, however, are no property managers.

 > One concern for example is the multilingualism of breadcrumbs and site maps
 > (we want them to be dynamically generated).
I can not give you a solution by now.

We want to explore this (and other automatic web grafic generation)
in a diploma thesis, starting later this year.
We will look into PIL (Python Image Library), ZGDChart and
Corel automation.

If you find a solution, please let me know.

 >   -Security - any tips on security? When using the tree function for example
 > how do I prevent certain folders from being listed? What is important when
 > running zope as far as security goes? Where do I watch for security problems
 > with zope?
It would be very weak, if you protect sensitive folders
just be not displaying them!

  Use Zope security to restrict access to sensitive objects.
  The "dtml-tree" has an attribute "skip_unauthorized"
  that lets you display just the parts of the structure
  that the current visitor has access rights to.

 > Anyone have good ideas or experience?
We are building a multi-lingual site.

I think, you can go ahead with Zope into this area.

 > P.S. Are there any qualified Zopitistas out there who would be willing to
 > answer questions like the ones above and provide some practical suggestions
This list is great for general (in contrast to very project
specific) questions.

I would expect, the project specific consultancy will cost something.


Dieter