[Zope] Access Permission by Domain and without Login?

Passin, Tom tpassin at mitretek.org
Mon Jun 14 11:45:50 EDT 2004


> From: zope-bounces at zope.org [mailto:zope-bounces at zope.org] On 
 
> Those can be spoofed as well. There's no increased security there.

Yes, but...  In this case the customer wants (or thinks it is wanted)
this kind of capability, and the security does not have to be the very
highest.  Many web servers let you set this kind of restriction.  Of
course, having authenticated users be members of groups with the
restricted role is more secure, but it does require that each person
join and be manually assigned to the select group.

The scenario here is that anyone coming in from, say, noaa.gov, would be
allowed to access a form that is not supposed to be open to the general
public.    Most of these people would not be members of the site.  If a
few determined people hacked up their packets with forged addresses and
thereby got to the form, no harm would be done.  The only reason for the
restriction is that the client does not want to have to sort through
spurious submissions from people who are not involved with the process.

Cheers,

Tom P

> On Jun 14, 2004, at 10:57 AM, Passin, Tom wrote:
> 
> > I asked for suggestions on restricting access to otherwise 
> > anonymously-accessable pages and methods.  It has been 
> pointed out to 
> > me off line that that restriction by domain *name* can have security
> > problems.  But my terminology was misleading, becaues that 
> is not quite
> > what I had in mind.
> >
> > I am asking about restriction by specific IP number ranges, like 
> > 140.90.*.*, not by domain *name*.
> >
> > Cheers,
> >
> > Tom P
> >
> >>
> >> For a Zope 2.7/Plone 2 site, I would like to restrict
> >> (otherwise) anonymous access to certain specific pages or 
> methods to 
> >> people making the request from specific domains. I know that I can 
> >> specify a domain for a particular user, but I want this to 
> apply to 
> >> anyone, without any special per-user configuration, and without 
> >> requiring a login.
> >>
> >> Also I want to do this without putting Zope behind Apache or any 
> >> other proxy, if this is possible.
> >>
> >> I don't recall seeing this discussed.  Does anyone have 
> suggestions 
> >> as to how to accomplish this?
> >
> > _______________________________________________
> > Zope maillist  -  Zope at zope.org 
> > http://mail.zope.org/mailman/listinfo/zope
> > **   No cross posts or HTML encoding!  **
> > (Related lists -  
> http://mail.zope.org/mailman/listinfo/zo> pe-announce
> >  
> 
http://mail.zope.org/mailman/listinfo/zope-dev )


_______________________________________________
Zope maillist  -  Zope at zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )



More information about the Zope mailing list