[Zope] Granting access by reading http headers (Consulting opportunity)

Chris Withers chris at simplistix.co.uk
Mon Feb 20 14:46:09 EST 2006


Marc Schnapp wrote:
>> Google Mini can do http basic auth, right? If so, you're fine, just 
>> put in the basic auth details and define a user in acl_users. Provided 
>> the mini presents the credentials without first being challenged by a 
>> 401, you'll be fine...
>>
> Marc responds:
> 1) The Google Mini does not accept cookies.

Did I ask if it accepted cookie? No, I asked if it accepts http basic 
auth. Care to answer my question? ;-)

> 2) Plone barfs if you try tricks like adding a query string to URLs.

Plohn barfs a lot, probably best not use it ;-)

> I don't have to worry about headers being spoofed. The host lives in our 
> dedicated data center behind a VPN concentrator requiring RSA 
> authentication. No one gets to the box unless we already have cleared 
> them through two-phase authentication.

Yah, sure... I'd still worry about headers being spoofed *grinz*

cheers,

Chris

PS: If you want to pay me to solve this, contact me off list...

-- 
Simplistix - Content Management, Zope & Python Consulting
            - http://www.simplistix.co.uk



More information about the Zope mailing list