I think I may just have reinvented a kind of cgi-proxy for authentication 
purposes. Seems to work nicely so far, but oh, so ugly. Thus I would be 
gratefull for any pointers towards some more enlightened solution.

Problem to solve: External php based facility needs to be made available to 
logged in zope users only, but have no built in mechanism to to 
handle "everyone must log in to see anything at all" situations. Some users 
can be synced by way of sql, but many can not. This is a given.

My solution so far: An external method that wraps wget. Rearanges the url to 
connect via, and use original host as host header. Use Apache to 
close access to everyone but Rest of the script basically shuffles 
headers back and forth from zope to wget, and back. and the script can of 
course be subject to normal zope access checks.

If no major flaws with this approach appears, I will of course replace wget 
with urllib, and perhaps even productify the thing, but before I do that I 
have this nagging feeling of reinventing the wheel that I need to address...


Gaute Amundsen

Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to