One way to do this is to peek at the HTTP_REFERER value coming from the browser before you serve the document. If the document is in a file object, then you can use a precondition for this, which is a callable object.
It could be written as follows in a python script: request = context.REQUEST if not request.HTTP_REFERER.startswith(request.SERVER_URL): raise 'NotFound' If you make a script and then specify it for the preconditions of your files, then it would only allow downloads coming from another URL on your site. No direct URL or linking from outside would be allowed with a standard browser. However, one could easily circumvent this by spoofing the HTTP_REFERER on the client. This would assume a certain level of sophistication on the part of the would be spoofer. To make it a bit harder you could use sessions or cookies and validate those in your precondition instead. This would be harder to fool if you did it right. -Casey On Tuesday 12 November 2002 07:11 pm, General Info wrote: > i have the following situation. > i want the users to be able to download non html documents if that document is refered to from an html document. however, i dont want the users to be able to type the url and document name on the url box of their browers and be able to download it. > for example: > the documents exist in http://www.wwwdotcom.com/nonhtmldocs/doc1.pdf > however, i dont want the users to type that url on their browser and access doc1.pdf > i only want them to access it if that particular document is linked from an html document. > i have seen some websites that do that w/ images. how can i do that on zope? is it possible? > > i would appreciate any comments/suggesstions. > > -roberto > _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )