[Zope] Product or Custom for Auth.

Dario Lopez-Kästen dario at ita.chalmers.se
Tue Sep 7 17:18:10 EDT 2004


Jason Leach wrote:

> Zope:
> 
> If I need to authentication agains a SQL db, is it worth using a
> product like PluggableUserFolder or can I just whip up a form, query
> and PythonScript to do this? I don't need to add or manage users, just
> authenticate them?  Check user/passwd.
> 
> Jason.

Hello,

if you want your users to be full Zope users, then yes, you need to use 
a custom User folder. If not, then you need to make sure that each and 
every request includes a call to your auth function and validates each 
request to make sure that the user is still online.

There are some use cases when this is acceptable (I have developed such 
as system with TTW code and it works very well), however this measn that 
you are totally by-passing Zope security; i.e. Zope will conisder each 
request as made by the anonymous user.

If this is not what you expect, then I suggest you study what userfolder 
repalcements are avialble.

Fos CPS I think (not sure) you need to find a plug-in for Pluggable User 
Folder; if you are not using CPS then I can recommend, Extensible User 
Folder (XUF) which is sort of like the swiss-army knife of user folders 
or SimpleUSerFolder which is really simple bu is designed specifically 
for this use case.

Hope this helps
/dario

-- 
-- -------------------------------------------------------------------
Dario Lopez-Kästen, IT Systems & Services Chalmers University of Tech.


More information about the Zope mailing list