Hi all, I have a little security problem. Let me explain.

root/
  index_html
  foo/
    acl_users/
    bar/
      Image

I have an image which could only be viewed by users with a role named foobar, these users are in acl_users. If I access the image through the web I must authenticate myself for the first time, after that everything works well. But if I want to access the Image via <dtml-var Image> from the index_html in the root-folder I got no access. After searching at Zope.org I tested with <dtml-var "restrictedTraverse('foo/bar/Image')"> but this doesn't work. How do I authenticate myself in foo if I access the folder via dtml?

Thanks
as

P.S.: Sorry for my bad English
Andre Schubert wrote:
> Hi all,
> I have a little security problem. Let me explain.
>
> root/
>   index_html
>   foo/
>     acl_users/
>     bar/
>       Image
>
> I have an image which could only be viewed by users with a role named foobar, these users are in acl_users. If I access the image through the web I must authenticate myself for the first time, after that everything works well. But if I want to access the Image via <dtml-var Image> from the index_html in the root-folder I got no access. After searching at Zope.org I tested with <dtml-var "restrictedTraverse('')"> but this doesn't work. How do I authenticate myself in foo if I access the folder via dtml?
>
> Thanks
> as
>
> P.S.: Sorry for my bad English

Hi Andre

How about in index_html:

<dtml-with foo/bar>
<dtml-var image>
</dtml-with>

and give a proxy role to the method (however I would not give a proxy role to index_html but use a separate method which then is called/included in index_html).

(I think this question would fit better to the zope@zope.org mailing list than to this one ;-)

Regards
--- Flynt
Andre Schubert writes:
> I have a little security problem. Let me explain.
>
> root/
>   index_html
>   foo/
>     acl_users/
>     bar/
>       Image
>
> I have an image which could only be viewed by users with a role named foobar, these users are in acl_users. If I access the image through the web I must authenticate myself for the first time, after that everything works well. But if I want to access the Image via <dtml-var Image> from the index_html in the root-folder I got no access.

I expect, you get hit by a (in my view stupid) security feature:

When you are not authorized to access an object, then you should not even see that it is there. This is achieved by turning "Unauthorized" exceptions into "KeyError" exceptions under some circumstances. The effect is similar to what you describe (at least, if I interpret "got no access" as a "NameError" or "KeyError" for "Image").

If, however, you keep getting "Unauthorized" exceptions (i.e. login requests), then the reason may be that your initial request did not get authenticated by "foo/acl_users" but by a higher level "acl_users" that does not assign the correct role to the user.

Dieter
Dieter Maurer wrote:
> Andre Schubert writes:
> > I have a little security problem. Let me explain.
> >
> > root/
> >   index_html
> >   foo/
> >     acl_users/
> >     bar/
> >       Image
> >
> > I have an image which could only be viewed by users with a role named foobar, these users are in acl_users. If I access the image through the web I must authenticate myself for the first time, after that everything works well. But if I want to access the Image via <dtml-var Image> from the index_html in the root-folder I got no access.
>
> I expect, you get hit by a (in my view stupid) security feature:
>
> When you are not authorized to access an object, then you should not even see that it is there.
> This is achieved by turning "Unauthorized" exceptions into "KeyError" exceptions under some circumstances.
> The effect is similar to what you describe (at least, if I interpret "got no access" as a "NameError" or "KeyError" for "Image").
> If, however, you keep getting "Unauthorized" exceptions (i.e. login requests), then the reason may be that your initial request did not get authenticated by "foo/acl_users" but by a higher level "acl_users" that does not assign the correct role to the user.

This is exactly what I want. I want a user which has to log in with foo/acl_users. And this user should be allowed to view the Image through dtml. Have I misunderstood restrictedTraverse, which says that an object will be accessed by traversing a path and checking permissions for each object?

as

> Dieter
_______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Andre Schubert writes:
> Have I misunderstood restrictedTraverse, which says that an object will be accessed by traversing a path and checking permissions for each object?

No, you did not. That's how "restrictedTraverse" should work....

Dieter
Dieter Maurer wrote:
> Andre Schubert writes:
> > Have I misunderstood restrictedTraverse, which says that an object will be accessed by traversing a path and checking permissions for each object?
>
> No, you did not. That's how "restrictedTraverse" should work....

Oh, does that mean that I was on the right way????? Is there another solution to perform this?????

> Dieter
Andre Schubert writes:
> > Andre Schubert writes:
> > > Have I misunderstood restrictedTraverse, which says that an object will be accessed by traversing a path and checking permissions for each object?
> >
> > No, you did not. That's how "restrictedTraverse" should work....
>
> Oh, does that mean that I was on the right way????? Is there another solution to perform this?????

Try "restrictedTraverse".

Almost surely, it will need "Access contents information" which you might grant to "Anonymous"(?).

Dieter
On Saturday 24 November 2001 01:40, Andre Schubert wrote:
> root/
>   index_html
>   foo/
>     acl_users/
>     bar/
>       Image
>
> I have an image which could only be viewed by users with a role named foobar, these users are in acl_users. If I access the image through the web I must authenticate myself for the first time, after that everything works well. But if I want to access the Image via <dtml-var Image> from the index_html in the root-folder I got no access. After searching at Zope.org I tested with <dtml-var "restrictedTraverse('foo/bar/Image')"> but this doesn't work. How do I authenticate myself in foo if I access the folder via dtml?

In your "Image" object, give the "Access Contents Information" to the role "Anonymous" (or whoever usually views index_html), but keep "View" forbidden for Anonymous (allowed only for "foobar" role owners).

This way, the var tag (which could have been called by Anonymous) will be able to "see" the object, and Zope will authenticate automatically, if this is necessary in order to view it.

For security reasons, your Image object will not even be "found", if the caller's role does not have the "Access Contents Information" permission. I find this a good idea and reason.

There is no difference whether you climb to "Image" using restrictedTraverse, the "with" tag, or directly. All these will have identical results.

If you want to avoid the separate permission settings (because you have a lot of Image objects you want to behave like that), either give "index_html" a proxy role that has the "Access Contents Information" permission on "Image" (or the whole "bar" folder), or use unrestrictedTraverse in index_html.

hth,
Danny
Danny William Adair wrote:
> On Saturday 24 November 2001 01:40, Andre Schubert wrote:
> > root/
> >   index_html
> >   foo/
> >     acl_users/
> >     bar/
> >       Image
> >
> > I have an image which could only be viewed by users with a role named foobar, these users are in acl_users. If I access the image through the web I must authenticate myself for the first time, after that everything works well. But if I want to access the Image via <dtml-var Image> from the index_html in the root-folder I got no access. After searching at Zope.org I tested with <dtml-var "restrictedTraverse('foo/bar/Image')"> but this doesn't work. How do I authenticate myself in foo if I access the folder via dtml?
>
> In your "Image" object, give the "Access Contents Information" to the role "Anonymous" (or whoever usually views index_html), but keep "View" forbidden for Anonymous (allowed only for "foobar" role owners).

So it is.

> This way, the var tag (which could have been called by Anonymous) will be able to "see" the object, and Zope will authenticate automatically, if this is necessary in order to view it.

This doesn't work, because the user is not known in root where the index_html is, the user is known in the folder view.

> For security reasons, your Image object will not even be "found", if the caller's role does not have the "Access Contents Information" permission. I find this a good idea and reason.
>
> There is no difference whether you climb to "Image" using restrictedTraverse, the "with" tag, or directly. All these will have identical results.
>
> If you want to avoid the separate permission settings (because you have a lot of Image objects you want to behave like that), either give "index_html" a proxy role that has the "Access Contents Information" permission on "Image" (or the whole "bar" folder), or use unrestrictedTraverse in index_html.
>
> hth, Danny

as
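
The point Dieter and Andre arrive at above (a request for the root index_html is authenticated without foo/acl_users ever being consulted, so the foobar role is missing when the Image is pulled in), as an added example that is not part of any message in this thread. It is a simplified Python model, not Zope code: the function names, the user names andre and admin, and the existence of a root user folder are assumptions.

```python
# Simplified model, NOT Zope code: function names are hypothetical.
# Only the layout (root/index_html, foo/acl_users, foo/bar/Image), the role
# "foobar" and the permission name "View" come from the thread.

class Unauthorized(Exception):
    pass

# Constructed sample data: user folders keyed by the folder path holding them.
USER_FOLDERS = {
    (): {"admin": {"Manager"}},        # root/acl_users (assumed to exist)
    ("foo",): {"andre": {"foobar"}},   # foo/acl_users
}
# Roles that hold "View" on each object.
VIEW_ROLES = {
    ("index_html",): {"Anonymous"},
    ("foo", "bar", "Image"): {"foobar"},
}

def authenticate(published_path, login):
    """Resolve the request user once, from the user folders found along the
    published path, innermost first. Folders off that path are never asked."""
    for depth in range(len(published_path), -1, -1):
        users = USER_FOLDERS.get(tuple(published_path[:depth]), {})
        if login in users:
            return users[login] | {"Authenticated"}
    return {"Anonymous"}

def view(target, roles, proxy_roles=None):
    """Check "View" on target; proxy roles replace the caller's own roles."""
    effective = proxy_roles if proxy_roles is not None else roles
    allowed = VIEW_ROLES[tuple(target)]
    # A permission granted to Anonymous is open to every caller.
    if "Anonymous" in allowed or allowed & effective:
        return "/".join(target)
    raise Unauthorized("/".join(target))

def render(published_path, login, proxy_roles=None):
    """Publish one URL, then pull in foo/bar/Image the way index_html does."""
    roles = authenticate(published_path, login)
    try:
        view(published_path, roles)
        return view(["foo", "bar", "Image"], roles, proxy_roles)
    except Unauthorized:
        return "Unauthorized"
```

In this model the proxy role also hands the image to a request with no login at all, which is why Flynt's suggestion of putting the proxy role on a small separate method rather than on index_html limits what is exposed.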
participants (4): Andre Schubert, Danny William Adair, Dieter Maurer, flynt