Blocking Sibling inheritance
Greetings all, I am in the process of examining Zope for some possible applications. Currently I am having an issue with Zope being a bit to smart. I have a directory \Dir1\ and under it I have 2 subdirectories \Dir1\SubA\ and \Dir1\SubB\. The problem I am having is I can go to \Dir1\SubA\SubB\ and gain access to things that are in \Dir1\SubB\, I need to be able to block sibling level inheritance. Is this possible in Zope?? Or are there any other ways to block this with out creating a SubB object in \Dir1\SubA\ ?? Thanks for any and all help Jay
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jay Zeemer wrote: | Greetings all, | I am in the process of examining Zope for some possible applications. | Currently I am having an issue with Zope being a bit to smart. I have a | directory \Dir1\ and under it I have 2 subdirectories \Dir1\SubA\ and | \Dir1\SubB\. The problem I am having is I can go to \Dir1\SubA\SubB\ and | gain access to things that are in \Dir1\SubB\, I need to be able to block | sibling level inheritance. Is this possible in Zope?? Or are there any | other ways to block this with out creating a SubB object in \Dir1\SubA\ ?? The "sibling inheritance" you are describing is Zope's "acquisition". Folders derive from Acquisition.Implicit, which means they are willing to acquire any "non-private" name from their parents. To prevent this behavior, place SubA with a Folder-like object which derives instead from Acquisition.Explicit. Tres. - -- =============================================================== Tres Seaver tseaver@zope.com Zope Corporation "Zope Dealers" http://www.zope.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCJdaGGqWXf00rNCgRAl7lAJ9wkt7LsRDZboQ+syEbVViTceQOkQCfQ3lD P9Ai7Ym0LdNeStCVoEBQTcM= =6IyR -----END PGP SIGNATURE-----
Tres Seaver wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Jay Zeemer wrote: | Greetings all, | I am in the process of examining Zope for some possible applications. | Currently I am having an issue with Zope being a bit to smart. I have a | directory \Dir1\ and under it I have 2 subdirectories \Dir1\SubA\ and | \Dir1\SubB\. The problem I am having is I can go to \Dir1\SubA\SubB\ and | gain access to things that are in \Dir1\SubB\, I need to be able to block | sibling level inheritance. Is this possible in Zope?? Or are there any | other ways to block this with out creating a SubB object in \Dir1\SubA\ ??
The "sibling inheritance" you are describing is Zope's "acquisition". Folders derive from Acquisition.Implicit, which means they are willing to acquire any "non-private" name from their parents.
To prevent this behavior, place SubA with a Folder-like object which derives instead from Acquisition.Explicit.
I'd need this too. Would I be making a correct assumption when stating that no such folderish product, such as a "aq-blocking Folder", exists yet, but it has to be written (ie by me or anyonelse needing this functionality)? Thanks. /dario -- -- ------------------------------------------------------------------- Dario Lopez-Kästen, IT Systems & Services Chalmers University of Tech. "...and click? damn, I need to kill -9 Word again..." - b using macosx
On Thursday 03 March 2005 1:06 am, Dario Lopez-Kästen wrote:
Tres Seaver wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Jay Zeemer wrote: | Greetings all, | I am in the process of examining Zope for some possible applications. | Currently I am having an issue with Zope being a bit to smart. I have | a directory \Dir1\ and under it I have 2 subdirectories \Dir1\SubA\ and | \Dir1\SubB\. The problem I am having is I can go to \Dir1\SubA\SubB\ | and gain access to things that are in \Dir1\SubB\, I need to be able to | block sibling level inheritance. Is this possible in Zope?? Or are | there any other ways to block this with out creating a SubB object in
\Dir1\SubA\ ??
The "sibling inheritance" you are describing is Zope's "acquisition". Folders derive from Acquisition.Implicit, which means they are willing to acquire any "non-private" name from their parents.
To prevent this behavior, place SubA with a Folder-like object which derives instead from Acquisition.Explicit.
I'd need this too. Would I be making a correct assumption when stating that no such folderish product, such as a "aq-blocking Folder", exists yet, but it has to be written (ie by me or anyonelse needing this functionality)?
Thanks.
I don't know of something like this existing and even more I don't know why you would really want it. Eventually you will understand how and why acquisition works and then you would have a fair bit of work to do to change the stuff back. Zope is not publishing any object that the person viewing the site would not normally have access to so it is not security issue. What you probably need to do is read the zope book and read about how acquisition works. You can use it to make apps a lot faster and save yourself a lot of work by learning how to use it. Acquisition is a major reason that I use zope in the first place and have been using it for about 4 years now.
kosh wrote:
What you probably need to do is read the zope book and read about how acquisition works. You can use it to make apps a lot faster and save yourself a lot of work by learning how to use it. Acquisition is a major reason that I use zope in the first place and have been using it for about 4 years now.
I know how aquisition works and I use it extensively and I am very happy with. Nevertheless I have encounterd a few situations and use cases where I would like to inhibit aquisition for certain specific local contexts, related both to security and to packaging TTW code (actually FSDirView based code _and_ templates) which for various reasons don't make it into Product code. I probably still need to read up/refresh on Aquisition both in the zope book and in Dieters publications, but I feel that an aq-inhibotorish folderish thing would serve it's prupose for my needs in any case. Cheers, /dario -- -- ------------------------------------------------------------------- Dario Lopez-Kästen, IT Systems & Services Chalmers University of Tech. "...and click? damn, I need to kill -9 Word again..." - b using macosx
Security issue? I think you are partially right about it not being a security issue because Zope does what it is supposed to do and look where it should. Here is a security issue relating to this acquisition: (IMHO) I have folder 1: /site/dev/customer1/folder/page And folder 1: /site/dev/customer2/folder1/folder2/page Eash customer level folder has acl_users with different/separate accounts. The security at the customer level folder is set to not acquire and no anonymous access. Now here is the problem I see, you type in your URL: someplace.com/site/dev/customer1/folder/page You are asked to authenticate. Then you change your url after authentication to: somplace.com/site/dev/customer1/folder/customer2/folder1/folder1/page And you get right in with no authentication! That should not be allowable. I understand that this would require someone to know the folder structures, but really, in a more simplistic example, all you would need to know is the other client folder name, and you would have access. So what can we do about this? If you dont have acl-users account in a folder you access, you should NOT be able to see the contents. Right? This may be a new subject, I dont mean to stray off topic. On Thu, 3 Mar 2005 01:20:32 -0700, kosh <kosh@aesaeion.com> wrote:
On Thursday 03 March 2005 1:06 am, Dario Lopez-Kästen wrote:
Tres Seaver wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Jay Zeemer wrote: | Greetings all, | I am in the process of examining Zope for some possible applications. | Currently I am having an issue with Zope being a bit to smart. I have | a directory \Dir1\ and under it I have 2 subdirectories \Dir1\SubA\ and | \Dir1\SubB\. The problem I am having is I can go to \Dir1\SubA\SubB\ | and gain access to things that are in \Dir1\SubB\, I need to be able to | block sibling level inheritance. Is this possible in Zope?? Or are | there any other ways to block this with out creating a SubB object in
\Dir1\SubA\ ??
The "sibling inheritance" you are describing is Zope's "acquisition". Folders derive from Acquisition.Implicit, which means they are willing to acquire any "non-private" name from their parents.
To prevent this behavior, place SubA with a Folder-like object which derives instead from Acquisition.Explicit.
I'd need this too. Would I be making a correct assumption when stating that no such folderish product, such as a "aq-blocking Folder", exists yet, but it has to be written (ie by me or anyonelse needing this functionality)?
Thanks.
I don't know of something like this existing and even more I don't know why you would really want it. Eventually you will understand how and why acquisition works and then you would have a fair bit of work to do to change the stuff back. Zope is not publishing any object that the person viewing the site would not normally have access to so it is not security issue.
What you probably need to do is read the zope book and read about how acquisition works. You can use it to make apps a lot faster and save yourself a lot of work by learning how to use it. Acquisition is a major reason that I use zope in the first place and have been using it for about 4 years now. _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
-- Greg Fischer 1st Byte Solutions http://www.1stbyte.com
Greg Fischer wrote:
I have folder 1: /site/dev/customer1/folder/page And folder 1: /site/dev/customer2/folder1/folder2/page
Eash customer level folder has acl_users with different/separate accounts. The security at the customer level folder is set to not acquire and no anonymous access. Now here is the problem I see, you type in your URL: someplace.com/site/dev/customer1/folder/page
You are asked to authenticate. Then you change your url after authentication to: somplace.com/site/dev/customer1/folder/customer2/folder1/folder1/page
And you get right in with no authentication! That should not be allowable.
Does that work if you simplify it to: somplace.com/site/dev/customer1/customer2/folder1/folder2/page ? Are you sure 'page' is the page from custoemr 2 and not the one from customer 1? Well, some possibilities: - The user you logged in as comes from a "higher up" user folder, in which case they'd be able to access either customer - there's a serious security hole in zope ;-) If you can reproduce it and are sure everthing is as it should be, boil it down to the simplest possible case that reproduces the bug and chuck it into the collector at: http://www.zope.org/Collectors/Zope ...'cos it'll need urgent attention! cheers, Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk
Jay Zeemer wrote at 2005-3-2 09:43 -0500:
I am in the process of examining Zope for some possible applications. Currently I am having an issue with Zope being a bit to smart. I have a directory \Dir1\ and under it I have 2 subdirectories \Dir1\SubA\ and \Dir1\SubB\. The problem I am having is I can go to \Dir1\SubA\SubB\ and gain access to things that are in \Dir1\SubB\, I need to be able to block sibling level inheritance. Is this possible in Zope?? Or are there any other ways to block this with out creating a SubB object in \Dir1\SubA\ ??
What you see it the effect of Zope's "acquisition". It essentially (but there is more to say) means that any object "acquires" all attributes of its ancestors. In Zope2, it is very difficult to restrict acquisition. Zope3 does by default no longer use acquisition (about which I am sad). -- Dieter
participants (7)
-
Chris Withers -
Dario Lopez-Kästen -
Dieter Maurer -
Greg Fischer -
Jay Zeemer -
kosh -
Tres Seaver