If anyone here has the consulting expertise to help implement a solution, please email me separately at m + schnapp + service + marc + dot + com.

(See my elaborations below)

Chris Withers wrote:
Marc Schnapp wrote:
We're running Plone for internal departmental use. I'm going to lock down most of the content, requiring a login to view sensitive documents. But I also want our Google Mini appliance to crawl all content.

Google Mini can do http basic auth, right? If so, you're fine, just put in the basic auth details and define a user in acl_users. Provided the mini presents the credentials without first being challenged by a 401, you'll be fine...

Marc responds:
1) The Google Mini does not accept cookies.
2) Plone barfs if you try tricks like adding a query string to URLs.

1) Is this approach viable? (What are the pitfalls?)

I'd worry about headers being spoofed...

Marc responds:
I don't have to worry about headers being spoofed. The host lives in our dedicated data center behind a VPN concentrator requiring RSA authentication. No one gets to the box unless we already have cleared them through two-phase authentication.

2) What python module is consulted to determine access rights when a page request is made?

The user folder, in your case it'll be the hell known as GRUF. Swap that out for the hell known as PAS ;-)

2) Is this difficult to implement if one has rudimentary Python skills?




Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to