On Fri, May 04, 2001 at 05:17:55PM -0700, Michel Pelletier wrote:
Something that is dangerous about this script is that it does no security checking at all. Anyone one user with acces to the shell is essentialy promoted to a superuser through the shell. It would not be difficult for you to add security checkpoints to you code using the explicit securitymanager api documented in the developer's guide.
I'll look into that, but this isn't a priority yet. I prefer to have something which provides more commands quick, and look at other aspects later. I've only used it as a Manager however, but I thought that the underlying security would be taken care of by Zope itself when calling dangerous methods (like manage_delObjects for example) as a non Manager user. Am I wrong ? bye, Jerome Alet