[Zope] Stuck with newSecurityManager in an access rule
Chris Withers
chrisw at nipltd.com
Fri Sep 5 16:07:52 EDT 2003
Gilles Lenfant wrote:
> Hi,
>
> I used successfully newSecurityManager in a Product to change dynamically
> the user during a transaction (running some methods as owner).
That's a highyl dodgy thing to do, just so you know...
> I tried to use this to change dynamically the user in a special folder
> hierarchy based on a request parameter.
That sounds even more dodgy, what if someone spoofs that request parameter?
> The newSecurityManager is executed but seems to have no effect on the user
> during the rest of the transaction :
I'm not suprised, it's really not designed to be used like that...
> Did I miss something somewhere ? Why such a construct works in a Product and
> not in an external method ?
What are you trying to do here, this seems like a terrifically dangerous way to
go about it, whatever it is...
Chris
More information about the Zope
mailing list