[Zope] Granting access by reading http headers
chris at simplistix.co.uk
Thu Feb 16 03:34:45 EST 2006
Marc Schnapp wrote:
> We're running Plone for internal departmental use. I'm going to lock
> down most of the content, requiring a login to view sensitive documents.
> But I also want our Google Mini appliance to crawl all content.
Google Mini can do http basic auth, right? If so, you're fine, just put
in the basic auth details and define a user in acl_users. Provided the
mini presents the credentials without first being challenged by a 401,
you'll be fine...
> 1) Is this approach viable? (What are the pitfalls?)
I'd worry about headers being spoofed...
> 2) What python module is consulted to determine access rights when a
> page request is made?
The user folder, in your case it'll be the hell known as GRUF. Swap that
out for the hell known as PAS ;-)
> 2) Is this difficult to implement if one has rudimentary Python skills?
Simplistix - Content Management, Zope & Python Consulting
More information about the Zope