[Zope] Management View

Edward Hartfield ehartfield at savingtree.com
Thu Sep 9 10:30:51 EDT 2004


Johan Carlsson wrote:
    Why do you need different authentication logic?

My client wants to do form-based authentication and have user data 
stored in a database so they can manage users without having to know 
anything about Zope.  My idea is to create a folder object that can be 
given a method (AuthenticateMethod) to call when someone tries to 
traverse the folder's contents.  AuthenticateMethod returns true or 
false.  The folder itself knows nothing of the authentication scheme.  
That's AuthenticateMethod's concern.

My partner and I agree that it doesn't make sense to throw away Zope's 
built-in security.  But we don't like the hack required to log out a user 
with basic authentication.  Also, we need to implement a record-level 
authorization scheme.  The easiest, most cost-effective way to do this 
seems to be using a database to define user permissions just the way we 
want.

I'd welcome any thoughts you or anyone else might have.



