[Web4lib] Segregation of content between public websites and portals

Thomas Bennett bennetttm at appstate.edu
Wed Aug 8 15:37:32 EDT 2007 

See http://zope.org and http://plone.org
download and test it out, its all Open Source and no charge.

Security can be quite granular on Zope.

We are using Zope behind Apache and a little bit of Plone.  The entire site is 
stored in an Object Oriented database (ZODB) making backups easy.  In Zope 
individual pages can have security settings.  In fact this can be 
incorporated into sections of a page.  For example a page might have:

<dtml-var page_header>
<dtml-var vital_information>
<dtml-if expr="authenticated_user.role==some_group_on_this_server">
  <dtml-var feedback_form>
</dtml-if>

<br />This text would show as regular text on the WEB page.<br />

<dtml-comment> CHECK FOR CERTAIN IP RANGE </dtml-comment>
<dtml-comment>assign result (1 or 0) to hostname </dtml-comment>
<dtml-call "REQUEST.set('hostname',some_python_script_to_check_ip_range)">
<dtml-if hostname>
  <dtml-var links_to_more_info>
<dtml-else>
  <dtml-var links_to_guest_pages>
</dtml-if>

<dtml-if some_variable_passed_here_exists>
  <dtml-var private_information>
  <dtml-var call_some_python_script>
<dtml-var page_footer>

This is not exactly correct syntax but I think it conveys the idea of what may 
be done.  The dtml-vars are individual documents in this example.  Also, I 
have been using dtml for years but the better method would be Zope Page 
Templates which are more xml style syntax which can easily be edited in a 
commercial or Open Source WEB editor.  You can specify global users and roles 
or local to individual directories.  There are several authentication methods 
available such as LDAP and others.  There are database adapters for most 
popular databases and a few odbc database adapters which allow you to use 
queries called from your page to display data.  To use a database once an 
adapter is installed you create add a Z SQL Method that holds your query 
using the same syntax you would on a console interface for that database. See 
http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/RelationalDatabases.stx 
for more info on using external databases.

With Paramiko you can create through the WEB scripts that us SSH or SFTP.  One 
I have created is a link to a script that allows a user to backup a 
Postgresql database before making changes with other through the WEB forms.

  Most utility pages that staff and faculty use here are in a folder requiring 
a login and then all the pages may be viewed with a valid login such as the 
form to add online database information to the database server for dynamic 
pages.  There is through the WEB editing, ftp, or webdav on the port of your 
choice.  Our library help desk page requires a login and every faculty and 
staff member has a login on the server although this can be done through 
LDAP.

There are many options for setting up Zope, look for ZEO storage server which 
allows Zope to be a client to the storage server.  This lets you run multiple 
Zopes on different machines to one storage or one Zope to fail over to other 
storages.

I could go on but this is probably more than some wanted to see for now 
anyway.

Thomas
On Wednesday 08 August 2007 12:07, Randy Norwood wrote:
> My law school is in the process of reworking our website (new design,
> reorganized/rewritten content). The intent is to make the site more of a
> vehicle for recruitment, focused on the needs of prospective students, than
> a catch-all information center for everyone associated with, or interested
> in, the law school.
>
> We also are implementing a portal/intranet using SharePoint, where most of
> the content is targeted to current students, faculty and staff, and would
> require authentication for access. We have been assuming that information
> about services (such as IT services) that are available only to students,
> faculty and staff would be mostly located on the intranet, with only a
> brief summary on the public website. The problem with this approach is that
> being able to see the extent and quality of services provided can be a
> powerful recruiting or PR tool.
>
> My question is how other libraries have approached the problem of where to
> put content (public web vs. secured portal/intranet). Is there a
> significant downside (e.g., security risks ) to keeping IT-related
> information (no applications) publicly-accessible?

-- 
====================================================================
Thomas McMillan Grant Bennett		Appalachian State University
Operations & Systems Analyst		P O Box 32026
University Library				Boone, North Carolina 28608
(828) 262 6587

They say a picture is worth a thousand words.  As videos could be 25 pictures 
per second and might last several minutes, how many words is that? 
- Linux Journal, July 2007

Library Systems Help Desk: http://www.library.appstate.edu/help/
====================================================================

More information about the Web4lib mailing list