[Zope] [Fwd: Re: [Zope-dev] Zope components and revision control with cvs]

Shane Hathaway shane@zope.com
Wed, 07 Aug 2002 09:57:48 -0400



Just making sure this message winds up in the right place.  Mehran would 
like some help.

Shane

Date: Mon, 5 Aug 2002 19:48:07 -0700 (PDT)
From: Mehran erfani <mehran_erfani@yahoo.com>
Subject: Re: [Zope-dev] Zope components and revision control with cvs
To: Dieter Maurer <dieter@handshake.de>, Shane Hathaway <shane@zope.com>



Hi Guys,
I would appreciate it if any of you can give me
his/her opinion on the following.....
First I am a rookie! then --->
Here is the scenario :

   I am trying to have a login/logout page for my
site. What I did is: I created a page that anyone
can access. Then they enter their user name and
password. I verify that with my database and then....
I set a variable in the session to ok, just like a flag.
Here is the page that goes to the backend DB:



 <dtml-if "CheckPassWithDB(password)">
   <dtml-call "REQUEST.SESSION.set('myflag', 'ok')">
   <dtml-call "RESPONSE.redirect('somepage')">

 <dtml-else>
   Incorrect password, access denied!!!
 </dtml-if>


Now each time this user wants to access any of my
pages I check that variable. If it is set to ok....I
give them access to that page, if not....I send them
to a page that says they are not allowed to access the
page.
So every page in my site has at the top:

<dtml-with "SESSION.getSessionData()">
 <dtml-let x="get('myflag')">

 <dtml-if "x=='ok'">
   run the page.
 <dtml-else>
   Access denied!!!
 </dtml-if>

 </dtml-let>
</dtml-with>



This way I tried to bypass the usual pop-up box of
Zope and authenticate users with my backend database.
Does this sound to you like a correct way of doing
things? Security-wise....do you see any problem with
this?

I know this is very primitive, but this is the only thing
I knew. What do you think, am I totally off?

I thank you and appreciate your help.
I hope I can be of assistance someday.

Mehran



--- Dieter Maurer <dieter@handshake.de> wrote:
> Shane Hathaway writes:
>  > It's really only a theoretical problem.  To store the extra data about
>  > folderish objects, you can save the data in a hidden file called, for
>  > example, ".properties".  The theoretical problem is that someone might
>  > give an object that name, since it's perfectly legal.  In practice, you
>  > can just prevent people from creating Zope objects with a name that starts
>  > with a dot.  99% of the users won't mind at all, and those that do can
>  > use two dots instead. :-)
> The real problem (in my view) are ObjectManagers that are contained
> in Non-Object-Managers. Furthermore, splitting/folding ObjectManagers
> in the sense that you start/stop managing the individual content.
> 
> 
> Dieter


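The scheme described in Mehran's message (a 'myflag' session value set after a database password check, then tested before each page runs), as an added Python example that is not part of the original post and not Zope's own code. It moves the per-page test into a single gate so no page can omit it; the user store, the password and every function name below are constructed or hypothetical stand-ins.

```python
import hashlib
import hmac
import secrets

def _hash(password, salt):
    # Salted, slow hash so the backend never stores or compares plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample record standing in for the poster's backend database.
_SALT = secrets.token_bytes(16)
USERS = {"mehran": (_SALT, _hash("s3cret-example", _SALT))}

# Session data lives on the server; the browser only holds the random id.
SESSIONS = {}

def check_pass_with_db(user, password):
    """Hypothetical stand-in for CheckPassWithDB, with a constant-time compare."""
    salt, stored = USERS.get(user, (b"\0" * 16, b""))
    return hmac.compare_digest(_hash(password, salt), stored)

def login(user, password):
    """Return a fresh session id on success, None on failure."""
    if not check_pass_with_db(user, password):
        return None
    sid = secrets.token_urlsafe(32)  # new id at login, never a reused pre-login one
    SESSIONS[sid] = {"myflag": "ok", "user": user}
    return sid

def logout(sid):
    SESSIONS.pop(sid, None)  # drop the flag on the server, not just the cookie

def protected(page):
    """Single gate: a page wrapped here cannot forget the flag check."""
    def gate(sid, *args):
        data = SESSIONS.get(sid)
        if data is None or data.get("myflag") != "ok":
            return "Access denied!!!"
        return page(data, *args)
    return gate

@protected
def somepage(session):
    return "Welcome, " + session["user"]
```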