-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://collective-docs.plone.org/security/permissions.html#bypassing-permiss... (works only from trusted code like browser views or package code - not from PythonScripts) - -aj Brian Sullivan wrote:
I am looking at a situation (an online self registry process) where I want to allow a user that is not logged in to be able to create a user and do a number of other functions normally reserved for and restricted to logged in users with a fairly elevated rights. I need to perform these functions from a Python script.
What is the best strategy for doing this? I am thinking that creating a separate python script that has elevated rights and allowing Anonymous access to it and calling it from a script that does not have elevated rights is the best strategy to manage it. Am I creating a huge security hole by doing this? _______________________________________________ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )
- -- ZOPYX Limited | zopyx group Charlottenstr. 37/1 | The full-service network for Zope & Plone D-72070 Tübingen | Produce & Publish www.zopyx.com | www.produce-and-publish.com - ------------------------------------------------------------------------ E-Publishing, Python, Zope & Plone development, Consulting -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQGUBAEBAgAGBQJNDF54AAoJEADcfz7u4AZjP3ALv3Wf/qV13mgyzFz3Stm81tYg PMe2v/mj2eYfLFXuPR4LhTnickMfRJJNdD/LYwOdK6GLgvh307GkM/0mrCrpeHoO pIizuTuYhsl5ITdaUF3R+VcHlRmIZsNrYIEummmNAQjMW0hLA3XEefv9KvlV+P53 q6rzHq4n9T4JkKBh/QX0KiMVZOHeRjV1AnC3hXyqhbZCd8/pCgJDVsecbEBWlFrj izDhb6q+THHsjzRTbKzljnXJw8/he8TeCbN8cmjrlAVW5UhO/AIRQ2ikPh2GybAl pUSRuHux78+WRaw4av1WG+XBWVS1uZNmJnsNFPNr8NY7OE7hvSBttZTVzWmf9VyT jHWkpNKRROd83mpfZuHh3m9Ei6v5AvCFzr5Lt1O/M4bH4Rki8aqRqyzDy9fYEIW1 +CAhxUN511v2zSmcpmLClhkErZQP3qp0uXi+TIAj+/tbrXs8I7/fOlo/VWXMzxNy XM85seHdMYlWgsRbX/sVJKn5NOpqLsk= =UTd0 -----END PGP SIGNATURE-----