[Zope] Basic public manage access questions

Jason Cunliffe jasonic@nomadicsltd.com
Thu, 14 Oct 1999 15:11:24 +0200


Hello

Like most here I am very impressed with Zope - concept, community, scope,
potential etc. and am specifying Zope for an upcoming maritime transport
e-commerce project. Users & End-users (are there really ever such a group?)
may be using our 'smart-map' web site from kjhkh-knows-what machine,
fdsf-knows-where.

I am concerned about how to prevent access to management screens when
someone does not fully quit the web browser after a management session.
Either I have missed something so basic about zope permissions, or it has
missed my application.context.

It seems that if I log-on as zope site manager/developer/contentprovider,
and do some privileged site work, but then walk away from the browser [
even though I have left it on another URL entirely], then the next person
can step up to the machine, click 'back', use 'history', or type in
www.mysite.com:8080/somefolder/manage - and bingo slide back into my shoes
with those powers!

...oops! ouch.. Tell me I am wrong please. If this is true what does anyone
recommend?

Yes, I can give people beautifully written instructions: DO NOT do
'thisXYZABC'- please_Youvebeenwarned'  .. but real-world conditions with
people I may never meet, who don't speak English very well, or are using a
Kiosk terminal etc are another matter. 
[not to mention speaking simple webese- or intermediate zope/python not too
well]

Is there some nice code {JavaScript/Zope} you can think of to check the fact
once the browser focus has moved onto another page or something, then I am
obliged to re-enter user:password information? 

Ditto what can I do when a user of the browser has selected the 'remember
password' item? 
Is there a clean way to zope around this?

Thanks and kudos to all your generous work here

- Jason Cunliffe




-------------------------------------------------
Jason Cunliffe <jasonic@nomadicsltd.com>
NOMADICS.STUDIO(Design Director)
Geo-Digital Arts and Technology
Le Vieux Moulin,  Route de Mons
83440  SEILLANS,  FRANCE
Tel: +33 (0)4 94.76.98.72    
Fax: +33 (0)4 94.76.97.77
<jasonic@nomadicsltd.com>