[Zope] Zope 2, local python script security

David H bluepaul at earthlink.net
Wed May 23 17:26:39 EDT 2007


Hi Zope list,

I have a (Zope 2.8.8-final) folder that gives users with the role
"Authenticated" the following Permissions:

-------------------------------
   . access contents
   . view
   - note: no WebDAV or FTP access is allowed
-------------------------------

Playing around with wget and curl, I find I can (with proper 
authentication) download the "published" but not raw source of ZPT and 
Python files available in the folder.

So, for example, the script "\folder\pyDate" returns '2007/05/23' not 
its source, e.g.

# module: pyDate
from DateTime import DateTime
return DateTime().Date()

This is the behavior I want - as we have a requirement to keep source 
secure. 

I realize that source in Zope-Instance/Extensions is the most secure but 
I'm interested in local script security.

Thanks,

David






