[Zope] security dilemma?
Zhen Zhou
Zhen Zhou <bi90496@binghamton.edu>
Thu, 9 Nov 2000 13:18:18 -0800
please bear with my ignorance, because this is the first couple of day
I ever try Zope. It is super cool, but I should say that the
documentation is far from satisfaction.
Here is my problem:
The only API I can find to alter the properties of some object is
"manage_changeProperties". However, in order to execute this method in
my script, I have to give the "Manage properties" permission to
everyone, which may lead to severe security problems because the
method "manage_changeProperties" is web accessible, so a malicious
user can bypass my script and execute this method to change the
properties to whatever he want.
My questions are:
1, is there any API that can change properties of some object but can
not be accessed from the web?
2, is there any way to store a small piece of persistent data beside
using properties?
Thanx.
Derek