[Zope] how to set anonymous access to authorized content?

Dieter Maurer dieter at handshake.de
Mon Jan 12 13:42:33 EST 2009


Jaroslav Lukesh wrote at 2009-1-12 11:35 +0100:
>>>But what to do with ZSQL methods? I was create Python script called
>>>ZSQL_query:
>
>Hi all,
>
>so the only one functional and clean method is to use web_client.
>
>External method:
>
>from ZPublisher import Client
>def wc_list(xmyparam='URL parameter',xmyparam1='URL parameter'):
>    return 
>Client.call('http://authorized.domain.com/page.htm','login_username','login_password', 
>myparam=xmyparam, myparam1=xmyparam1)

I do not think that this is a good solution: it is risky to make
web requests to ones own Zope instance.

To see the risk, assume for a moment that your allow just for a single
worker. Then http requests to itself will deadlock deterministically.

The risk is smaller for larger numbers of workers -- but never zero.
For two workers, assume that both start to execute requests that
later make the client call. Deadlock will be the result again.
 

Why does the Python script with proxy role not work (I did not understand
this)? It should!



-- 
Dieter


More information about the Zope mailing list