Fundamentals of Zope Security
Hello all,
Simple problem: a password change form.
The form is a page template. It submits to another page template. This page template calls a python script that changes your password in LDAP (via external methods). I'm leaving off quite a bit, here, of course.
How can I secure the python scripts so that clever users cannot arbitrarily execute them?
I realize that it's a big question, but I'm thinking I need to fundamentally shift some of my own paradigms, and I'd appreciate all input on the subject.
Thanks,
---
Edward J. Pollard, B.Sc
Webmaster, University of Lethbridge
--On Friday, 17 September 2004 11:26 -0600 Edward Pollard <pollej@uleth.ca> wrote:
> Hello all,
> Simple problem: a password change form.
> The form is a page template. It submits to another page template. This page template calls a python script that changes your password in LDAP (via external methods). I'm leaving off quite a bit, here, of course.
> How can I secure the python scripts so that clever users cannot arbitrarily execute them?
Write the script in a way that you determine the username based on the authentication from Zope (getSecurityManager().getUser().getUserName()) and then change the password in LDAP using the passed password from the form. This should be safe enough since the script does not allow you to pass the username and it will only change the password for the logged in user. I don't see a way to fake authentication at this point.
-aj
Hi Edward,
> Simple problem: a password change form.
> The form is a page template. It submits to another page template. This page template calls a python script that changes your password in LDAP (via external methods). I'm leaving off quite a bit, here, of course.
> How can I secure the python scripts so that clever users cannot arbitrarily execute them?
First you have to protect the templates and scripts assigning no-view permissions for Anonymous. Then you could get the authenticated user from the external method and see if he's changing his own password; otherwise, you could raise an Unauthorized exception.
Regards, Josef
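
The approach from the two replies above, combined in one function, as an added example that is not part of the original thread. The stub classes stand in for Zope's security manager and `Unauthorized` exception so the code runs without Zope; `ldap_set_password` and the form field names `username` and `new_password` are hypothetical.

```python
# Stand-ins for Zope objects, constructed so the example runs offline.
class Unauthorized(Exception):
    """Stand-in for Zope's Unauthorized exception."""

class StubUser:
    def __init__(self, name):
        self._name = name
    def getUserName(self):
        return self._name

class StubSecurityManager:  # mimics what getSecurityManager() returns
    def __init__(self, user):
        self._user = user
    def getUser(self):
        return self._user

ANONYMOUS = "Anonymous User"  # name Zope reports for unauthenticated requests

def change_own_password(security_manager, form, ldap_set_password):
    """Change the password of the authenticated user only.

    ldap_set_password(username, password) is a hypothetical wrapper
    around the site's LDAP external method.
    """
    # Identity comes from Zope's authentication, never from the request.
    username = security_manager.getUser().getUserName()
    if username == ANONYMOUS:
        raise Unauthorized("login required")
    # If the request names a user at all, it must be the caller.
    claimed = form.get("username")
    if claimed is not None and claimed != username:
        raise Unauthorized("cannot change another user's password")
    new_password = form.get("new_password", "")
    if not new_password:
        raise ValueError("empty password")
    ldap_set_password(username, new_password)
    return username

def demo():
    """Replay two constructed requests; return the LDAP writes performed."""
    writes = []
    set_pw = lambda user, pw: writes.append((user, pw))
    alice = StubSecurityManager(StubUser("alice"))
    try:  # forged request naming another account
        change_own_password(alice, {"username": "bob", "new_password": "x"}, set_pw)
    except Unauthorized:
        pass
    change_own_password(alice, {"new_password": "n3w-Secret"}, set_pw)
    return writes
```

In a real Zope site the check still depends on the View permission being removed from Anonymous on the templates and scripts, as the second reply says.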
participants (3)
- Andreas Jung
- Edward Pollard
- Josef Meile