[Zope] Security/Design Help

Lex Berezhny eukreignian@yahoo.com
Mon, 29 Oct 2001 10:10:51 -0800 (PST)


  I am working on a voting system for my schools' computer science
classes. Students in each class will vote for the student of the
week. The student heirarchy is represented in the Zope filesystem by
folders: at the top is the class folder, then period folders and
finally student folders. Each student folder contains an acl_users
with that students login information.

 An important feature in this voting program is to authenticate
students when they vote, so that they are not able to vote in
classes/periods they are not in.

  My current problem is figuring out where in the aquisition path the
voting scripts should go, so that when a user goes to the voting form
it prompts him/her to login and builds a list of students based on
the class this student belongs to. So far I can build the list of
students by using aquisition, but I am having trouble with

Here is the voting form i can generate by looping through the folders
in the advanced topics class (which only has one period, so it is not
sectioned into periods):

I hope my explination made some sense ;) What I would like to know is
how some of you would approach this problem? How should I go about
designing this voting form, security wise? Any other suggestions?

thanks a bunch,
 - lex

"The Python literature says implement time-critical bits in C, the C literature says implement the time-critical bits in assembler, some assembly programmers hand-craft critical machine code, and you could always design and fabricate your own chips."
           - Tim Rowe, digitig@cix.co.uk

Do You Yahoo!?
Make a great connection at Yahoo! Personals.