----- Original Message -----
From: "Chris Withers" <chrisw@nipltd.com>
To: "Zope Mailing List" <zope@zope.org>
Sent: Monday, February 07, 2000 11:37 AM
Subject: Re: [Zope] Newbie Security Query
There's nothing *very* bad that can be executed without permission. "objectIds" is questionable.
Okay, now I'm getting nervous... what not-so-bad things can you do?! (going to http://www.zope.org/text_content brought up a very disturbing screen...)
I didn't mean to scare you. I have confidence in Zope's security and what an anonymous person can and can't do. When I said there's "nothing *very* bad", I meant that not everyone would prefer if something like "objectIds" works as it does. But, in truth, it's not really a security hazard. You should just be aware that "security through obscurity" (trying to make methods that are secure just because they have difficult-to-guess names) definitely is not a good way to go. As for text_content, I don't think that's a "standard" method. Zope.org has some features on it designed to make it a somewhat open book, so that people can learn from it. I don't think there is any way for someone to get at your source code in the current version of Zope without you actually making that possible.
I wonder if anyone at DC could help out here? My wish-list would be to be able to differentiate in a convenient manner between stuff publicly available and stuff that isn't. To generalise this further, I'd love to be able to assign the usability of a method or access to an object on a role basis, with special roles including 'anonymous' for public access and 'system' for calls from other objects. Kind of like putting public: and private: in a C++ or Java class, but with finer control.
I think you can set this up yourself, through extensive use of proxy roles. If you have a method that you don't want to be callable through the web, you can make it require a role of "System". Then, any method you write that needs to use it could have a proxy role of "System".

Kevin
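
The proxy-role arrangement suggested in the last message, as an added example that is not part of the original thread and is not Zope's own code: a simplified model in which a method's proxy roles replace the caller's roles while its body runs. The names `Method`, `call`, `allowed`, `internal`, `public` and `plain` are constructed for illustration.

```python
# Simplified model of the proxy-role pattern; not Zope's API.
# All class, function and method names here are constructed for illustration.

class Unauthorized(Exception):
    pass

class Method:
    def __init__(self, name, required_roles, proxy_roles=(), body=None):
        self.name = name
        self.required_roles = frozenset(required_roles)
        self.proxy_roles = frozenset(proxy_roles)
        # Default body calls nothing further and returns the method's name.
        self.body = body or (lambda call_as: name)

def call(method, effective_roles):
    """Run `method` if the effective roles satisfy its requirement.

    While the body runs, the method's proxy roles (if any) replace the
    caller's roles for the checks on anything the body calls.
    """
    if not (method.required_roles & effective_roles):
        raise Unauthorized(method.name)
    inner_roles = method.proxy_roles or effective_roles
    return method.body(lambda m: call(m, inner_roles))

ANONYMOUS = frozenset({"Anonymous"})

# Helper that must not be reachable directly from a web request.
internal = Method("internal", required_roles={"System"})
# Public entry point that is allowed to use the helper.
public = Method("public", {"Anonymous"}, proxy_roles={"System"},
                body=lambda call_as: "public->" + call_as(internal))
# Public method without the proxy role: its call to the helper is refused.
plain = Method("plain", {"Anonymous"},
               body=lambda call_as: "plain->" + call_as(internal))

def allowed(method, roles=ANONYMOUS):
    """Return the call result, or 'denied:<name>' for the refused method."""
    try:
        return call(method, roles)
    except Unauthorized as exc:
        return "denied:" + str(exc)

if __name__ == "__main__":
    for m in (internal, public, plain):
        print(m.name, "->", allowed(m))
```

Everything the wrapper calls is checked against "System" in this model, so the wrapper itself becomes the security boundary and should stay small and not let request input choose which method it invokes.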