[Zope] how to prevent URL access to an external method?

Jonathan (dev101) dev101 at magma.ca
Tue Apr 28 11:08:03 EDT 2009

Within the ExternalMethod you could check the ACTUAL_URL variable (in 
REQUEST) and if the name of the external method is found you could redirect 
the user to a "you're a baaad user" page.


----- Original Message ----- 
From: "Pedro LaWrench" <pedrolawrench at yahoo.com>
To: <zope at zope.org>
Sent: Tuesday, April 28, 2009 11:04 AM
Subject: [Zope] how to prevent URL access to an external method?

I need to do something on the filesystem, which requires unrestricted 
python, so I created an external method. The problem is that anyone can call 
that directly via URL, so I added a permission check. Even then, users with 
the sufficient permissions can call this via URL, which I don't want them to 
do. I only want them to have access indirectly from other pages (such as a 
page template that will pass sane parameters). Is there anyway to do this?


Zope maillist  -  Zope at zope.org
**   No cross posts or HTML encoding!  **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-dev )


No virus found in this incoming message.
Checked by AVG - www.avg.com
Version: 8.0.238 / Virus Database: 270.12.6/2084 - Release Date: 04/28/09 

More information about the Zope mailing list