[Zope-dev] uuid.UUID as a rock in zope.security

Hanno Schlichting hannosch at hannosch.eu
Fri Apr 10 12:31:50 EDT 2009


Zvezdan Petkovic wrote:
> On Apr 10, 2009, at 11:32 AM, Hanno Schlichting wrote:
>> We do have the use-case of allowing trusted people to add templates or
>> code TTW and many other things like data level and view based  
>> security.
>> The RestrictedPython case however is something we will gladly give up.
> 
> Trusted people!?
> Are you checking their ID at the door?
> 
> All you have in terms of trust are their credentials.

Sure, that's called authentication. Happens to be the same in any
technical or physical world.

> You don't want to allow many, many things TTW, even if they logged in  
> with the trusted credentials.

We are in the business of content management. The most valuable
information the system and the entire physical machine has is the
content in the system. You don't run web applications on any kind of
shared servers where the system has any more valuable data.

A person who is allowed to steal or delete the entire content is what I
call trusted. The potential additional damage of that person breaking
out of the web application is a minor concern compared to this. Allowing
any kind of TTW development is always going to be an explicit opt-in,
but if you are willing to allow this, we won't try to stop you with
limited access anymore.

Hanno



More information about the Zope-Dev mailing list