[Zope] zope access to external files

Ricardo Anguiano anguiano@codesourcery.com
04 Mar 2003 11:32:13 -0800


Paul Winkler <pw_lists@slinkp.com> writes:

> On Tue, Mar 04, 2003 at 10:56:51AM -0800, Ricardo Anguiano wrote:
> > > if the users are zope users, sure - just an a LocalFS for each user
> > > and restrict access to the owner.
> > 
> > Yes, the users are zope users.  I did exactly what you describe and it
> > works great.
> 
> you might want to double-check your setup to be sure that tricks
> involving ../ do not let the user access files they should not.

It doesn't appear that one user can dot-dot-slash their way into
another other user's directory.  Even if they guess the path, they are
asked for authentication again if they get it right.  User1 not being
defined in User2/acl_users, and restricting User2/content to owner
makes it hard for User1 to access User2's content.

Thanks for the reminder though,
-- 
Ricardo Anguiano
http://www.codesourcery.com