[ZDP] BackTalk to Document The Zope Book (2.5 Edition)/Users and Security

webmaster@zope.org
Mon, 23 Sep 2002 20:17:16 -0400


A comment to the paragraph below was recently added via http://www.zope.org/Documentation/Books/ZopeBook/current/Security.stx#3-103

---------------

      Zope offers some protection from this kind of Trojan horse. Zope
      helps protect your site from server-side to Trojan attacks by
      limiting the power of web resources based on who authored them.
      If an untrusted user authors a web page, then the power of the
      web pages to do harm to unsuspecting visitors will be
      limited. For example, suppose an untrusted user creates a DTML
      document or Python script that deletes all the pages in your
      site. If they attempt to view the page, it will fail since they
      do not have adequate permissions. If a manager views the page,
      it will also fail, even though the manager does have adequate
      permissions to perform the dangerous action.

        % Anonymous User - Sep. 23, 2002 8:14 pm:
         /to Trojan/Trojan/

        % Anonymous User - Sep. 23, 2002 8:17 pm:
         /they/unauthorized users/
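
The ownership rule described in the quoted paragraph, as an added example that is not part of the Zope Book or of this message: a simplified Python model, not Zope's own AccessControl code, in which a script may only do what both its owner and the viewing user are permitted to do. The role table, user names and the `Script`/`outcome` helpers are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed role-to-permission table (illustrative, not a real Zope site).
ROLE_PERMISSIONS = {
    "Anonymous": {"View"},
    "Author": {"View", "Add Documents"},
    "Manager": {"View", "Add Documents", "Delete objects"},
}

class Unauthorized(Exception):
    pass

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset

    def permissions(self):
        perms = set()
        for role in self.roles:
            perms |= ROLE_PERMISSIONS.get(role, set())
        return perms

@dataclass(frozen=True)
class Script:
    owner: User        # whoever authored the executable content
    needs: frozenset   # permissions its actions require

def effective_permissions(script, viewer):
    # The script is limited to the intersection of owner and viewer rights.
    return script.owner.permissions() & viewer.permissions()

def outcome(script, viewer):
    missing = script.needs - effective_permissions(script, viewer)
    try:
        if missing:
            raise Unauthorized(f"missing {sorted(missing)}")
        return "executed"
    except Unauthorized:
        return "denied"

# Constructed sample users and scripts.
UNTRUSTED = User("untrusted", frozenset({"Author"}))
MANAGER = User("manager", frozenset({"Manager"}))
TROJAN = Script(owner=UNTRUSTED, needs=frozenset({"Delete objects"}))
CLEANUP = Script(owner=MANAGER, needs=frozenset({"Delete objects"}))

if __name__ == "__main__":
    for script, viewer in [(TROJAN, UNTRUSTED), (TROJAN, MANAGER), (CLEANUP, MANAGER)]:
        print(script.owner.name, "->", viewer.name, ":", outcome(script, viewer))
```

The second case is the one the paragraph stresses: the manager's own permissions are sufficient, but the script is still denied because its owner lacks them.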