[Zope] Granting access by reading http headers (Consulting opportunity)

Marc Schnapp lists at servicemarc.com
Fri Feb 17 13:22:02 EST 2006

If anyone here has the consulting expertise to help implement a 
solution, please email me separately at m + schnapp + service + marc + 
dot + com.

(See my elaborations below)

Chris Withers wrote:
> Marc Schnapp wrote:
>> We're running Plone for internal departmental use. I'm going to lock 
>> down most of the content, requiring a login to view sensitive 
>> documents. But I also want our Google Mini appliance to crawl all 
>> content. 
> Google Mini can do http basic auth, right? If so, you're fine, just 
> put in the basic auth details and define a user in acl_users. Provided 
> the mini presents the credentials without first being challenged by a 
> 401, you'll be fine...
Marc responds:
1) The Google Mini does not accept cookies.
2) Plone barfs if you try tricks like adding a query string to URLs.

>> 1) Is this approach viable? (What are the pitfalls?)
> I'd worry about headers being spoofed...
Marc responds:
I don't have to worry about headers being spoofed. The host lives in our 
dedicated data center behind a VPN concentrator requiring RSA 
authentication. No one gets to the box unless we already have cleared 
them through two-phase authentication.

>> 2) What python module is consulted to determine access rights when a 
>> page request is made?
> The user folder, in your case it'll be the hell known as GRUF. Swap 
> that out for the hell known as PAS ;-)
>> 2) Is this difficult to implement if one has rudimentary Python skills? 
> Yes.
> cheers,
> Chris

More information about the Zope mailing list