[Zope] Anonymous security
briansullivan at gmail.com
Sat Dec 18 16:56:19 EST 2010
Yeah -- I rediscovered Proxy roles and that seems like the most
straightforward strategy -- not sure if there counter indicators
though that would make that strategy problematic.
On Sat, Dec 18, 2010 at 10:42 AM, Bart Jansen
<bart.jansen at esac.climbing.nl> wrote:
> Hi all,
> When I face a situation like Brian describes I am used to using Proxy
> roles on the publicly available script to give it permission to do the
> restricted actions. Is that a good approach or should I not use this?
> One of the difficulties when using Proxy roles is that they do not
> propagate to the scripts/methods being called by the script that has the
> Proxy roles set.
> Regards, Bart
> PS. I'm new on the mailing list. My name is Bart Jansen and in my spare
> time I manage a couple of Zope2 sites for non-profit student sports
> clubs in the Netherlands.
> Op 18-12-2010 8:10, Andreas Jung schreef:
>> (works only from trusted code like browser views or package code - not
>> from PythonScripts)
>> Brian Sullivan wrote:
>>> I am looking at a situation (an online self registry process) where I
>>> want to allow a user that is not logged in to be able to create a user
>>> and do a number of other functions normally reserved for and
>>> restricted to logged in users with a fairly elevated rights. I need to
>>> perform these functions from a Python script.
>>> What is the best strategy for doing this? I am thinking that creating
>>> a separate python script that has elevated rights and allowing
>>> Anonymous access to it and calling it from a script that does not have
>>> elevated rights is the best strategy to manage it. Am I creating a
>>> huge security hole by doing this?
>>> Zope maillist - Zope at zope.org
>>> ** No cross posts or HTML encoding! **
>>> (Related lists -
>>> https://mail.zope.org/mailman/listinfo/zope-dev )
> Zope maillist - Zope at zope.org
> ** No cross posts or HTML encoding! **
> (Related lists -
> https://mail.zope.org/mailman/listinfo/zope-dev )
More information about the Zope