[ZPT] No proxy roles in page templates? What do I do then?

Dieter Maurer dieter@handshake.de
Thu, 27 Sep 2001 09:33:52 +0200 (CEST)


R. David Murray writes:
 > On Wed, 26 Sep 2001, Itai Tavor wrote:
 > > If you mean that the PT will call a script which has proxy roles,
 > > that wouldn't help at all IMO, because the script will need to be
 > > publicly accessible, opening a security hole.
 > >
 > > I want to ensure that certain object interface methods are only
 > > called by authorized methods, and are not accessible TTW nor by DTML
 > > or PT methods written by other Zope users. So I protect those
 > 
 > I fail to see a security difference between having a publicly accessible
 > Template with a proxy Manager role and having a publicly accessible
 > script with a proxy Manager role.  In either case you control what
 > is accepted as input and don't control what is done with the output
 > (though granted it is harder to prize the info out of the results
 > returned by the template).
 > 
 > Maybe I'm just missing something, though...

I agree with you!

Furthermore, while difficult, it is possible to prevent
the script from being directly called from the Web.

  You give the object an "index_html" attribute
  returning a page "Not allowed to be used via Web"
  or raising an exception.

  I posted corresponding code to the mailing list (I hope, at least...).

We should lobby the Zope developers to make this easier.


Dieter
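
The "index_html" guard described in the message above, as an added example that is not part of the original post and is not Zope's own code. It is a simplified model of the publisher's default-method step; `publish`, `call_in_process`, `PlainScript`, `GuardedScript`, `Forbidden` and `WebAccessDenied` are hypothetical names, and the sample site is constructed.

```python
from types import SimpleNamespace

class Forbidden(Exception):
    """Publisher refused a URL segment (hypothetical name)."""

class WebAccessDenied(Exception):
    """Raised by the index_html guard (hypothetical name)."""

class PlainScript:
    """Stands in for a script with proxy roles."""
    index_html = None  # None: no default method, the object itself is published

    def __call__(self, *args):
        return "privileged result for %r" % (args,)

class GuardedScript(PlainScript):
    """The same script with the guard described in the message."""
    def index_html(self, *args):
        raise WebAccessDenied("Not allowed to be used via Web")

def publish(root, url_path, *args):
    """Model of a web request: walk the path, then apply the default method."""
    obj = root
    for name in filter(None, url_path.split("/")):
        if name.startswith("_"):  # modelled rule: underscore names are refused
            raise Forbidden(name)
        obj = getattr(obj, name)
    default = getattr(obj, "index_html", None)
    target = default if default is not None else obj
    return target(*args)

def call_in_process(script, *args):
    """Model of a template or script calling the object directly, no publisher."""
    return script(*args)

# Constructed sample site with both variants.
site = SimpleNamespace(plain=PlainScript(), guarded=GuardedScript())

if __name__ == "__main__":
    print(publish(site, "/plain", "x"))        # reachable by URL
    print(call_in_process(site.guarded, "x"))  # still usable from a template
    for url in ("/guarded", "/guarded/index_html", "/guarded/__call__"):
        try:
            publish(site, url, "x")
        except (WebAccessDenied, Forbidden) as exc:
            print(url, "->", type(exc).__name__)
```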