On 29.06.09 19:33, yuppie wrote:
Hi Andreas!
Andreas Jung wrote:
On 29.06.09 12:48, yuppie wrote:
3.) remove security declarations from ZCTextIndex and DateRangeIndex
All the other indexes don't have security declarations. AFAICS there is no way to access indexes from untrusted code without having the 'Manage ZCatalogIndex Entries' permission.
I think that all index implementation should have security assertions?!
Why?
'_catalog.indexes' is protected by the underscore and using the 'Indexes' alias is protected by 'Manage ZCatalogIndex Entries'. Only additional security restrictions would have any effect.
Or am I missing a security hole?
Not sure. I created a catalog /catalog and an index 'my_index'. Within a debug shell:
app.catalog.Indexes['my_index'] <FieldIndex at my_index>
app.unrestrictedTraverse('catalog/Indexes/my_index') <FieldIndex at /catalog//my_index>
app.restrictedTraverse('catalog/Indexes/my_index') Traceback (most recent call last): File "<stdin>", line 1, in ? File "/Users/ajung/sandboxes/Zope-2.11/2.11/lib/python/OFS/Traversable.py", line 301, in restrictedTraverse return self.unrestrictedTraverse(path, default, restricted=True) File "/Users/ajung/sandboxes/Zope-2.11/2.11/lib/python/OFS/Traversable.py", line 236, in unrestrictedTraverse next = guarded_getattr(obj, name) AccessControl.unauthorized.Unauthorized: You are not allowed to access 'Indexes' in this context
hmmmm... Andreas