[Zope] Product architecture question (long)

Nikko Wolf nikko-wolf at earthlink.net
Thu Jun 9 13:34:31 EDT 2005


Dieter Maurer wrote:

>Nikko Wolf wrote at 2005-6-7 14:25 -0600:
>
>>- I do not want ANY access by unauthorized users. Obviously they
>>  must be able to reach a login page, and get instructions on how
>>  to request an account, password reset, etc.
>>
>
>Put all content in a subfolder of your site and
>remove "View" and "Access contents information" from
>"Anonymous".
>
See previous post.  Is there a current, good tutorial for securing Plone 
from unauthorized use (SSL notwithstanding)?

>>- Here's the complication -- each file will have potentially
>>  multiple versions in process at once.  Each version of a file
>>  may have a different state, and I'd like to have a history of
>>  all changes to each version as they go through the workflow.
>>
>
>Indeed, a bit more complex.
>
>I would model a "file" as a folder like structure containing
>the various versions and give it the "right" behaviour.
>
Currently, I've implemented scripts to do part of this -- although I 
would not say I've "modeled" anything as much as simply "implemented" 
scripts & ZPT to allow access in the manner needed.

The issue is that there is no separation of workflow and content 
view/actions, and there should be, since the workflow may change and I'd 
like to use the workflow interface to handle those changes (if possible).

>>- Once a file/version is submitted for review, any of the reviewers
>>  may work on it, it is not necessary that one role preceded the other,
>>  but it is required that a user in each role approve the file.
>>
>
>What does that mean?
>
>   Do you have "technical reviewer", "style revierwer", "aestetic reviewer",
>   ... and require that at least one from each role approves?
>
Something like that: someone from each role must approve the version 
before it can be submitted for final editor approval (not exactly 
footnotes to a bibliography added by different roles / experts in a 
field, but that's similar).  Hence, they will actually make minor 
changes/additions before they approve.

>
>- We need to have good automated backup solution for the content
>  (as in mirroring the content on another host).
>
>
>There is a commercial Zope.com solution.
>
>We use mirrored disks and a high availablity cluster.
>
Ah, the drawback of an opaque (and custom) data store.  

Instead I've got a cron script that will shutdown zope and backup the 
entire directory tree.  Soon I'll add a second script to pull these 
files back from the DMZ for archival/storage.

However my question is this -- is it necessary for me to shutdown zope 
to snapshot the directory?  Given the times of access, I'm *almost* 
guaranteed that it's been idle for 1+ hours when I do this (famous last 
words, though those may be).

Knowing that zope is event-driven (and no sleeper thread):
  -- is there any consistency issues of backing up (Data.fs)
     without stopping?
  -- is there another feature of "zopectl" that would tell
     it to "sync" the DB to the file system? "help" gives:
       EOF     fg         kill      quit    run   start  test
       adduser foreground logreopen reload  shell status wait
       debug   help       logtail   restart show  stop

After some testing, I'll probably share the script & crontab entries.

>>4) How does one secure a Zope+Plone site?
>
>
>One uses HTTPS and standard authentication.
>
>One tells the users that good passwords are essential.
>
>One does not store clear text password.
>
The content isn't important enough that I worry about anything that even 
simple passwords and SSL can't prevent.

I've looked but found no Zope SSL capabilities, so does this requires 
placing Zope behind Apache, right? 
Ref: http://www.zope.org/Members/simonb/howtos/Set%20Up%20SSL

Thanks in advance,
Nikko


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20050609/40775fe5/attachment.htm


More information about the Zope mailing list