Forum OpenACS Q&A: Restricting access to a subdirectory
A while back I asked somewhere (might have been on IRC) what
the "right" way to restrict access to a hierarchy of my website was.
Previously we had written AOLserver filters that checked for the
group membership of a person. There doesn't appear to be any
official way to do this, but I did discover that if I create a
directory in the site map that matches the one I want to protect, and
mount the Page application there with the same directory name, I can
grant/revoke the read permission there, and that seems to work. Can
anyone think of a reason why I shouldn't do this that way?
One reason I did think of was that I would have to remember to
manually setup the mounting and permissions when we migrate content
to our production server. If I wanted to add a security filter,
where should I put it?
I have done it also this way. Is the correct way to do this?