Re: [Zope] Help (emergency) How to Undo last ZODB transaction when Zope
Chris wrote,
Try:
And I was shocked and dismayed to find out that this actually works. It seems like a huge potential security breach for the unwary, since it is available for any attacker. Granted, access rules are not really intended for security, but it is very easy to assume that they always work, and make decisions with security implications based on that assumption.

I read digests, so I only saw Gerd's request for help now; I would expect the right answer to be what the AccessRule product says:

"""
If an Access Rule is broken, and is preventing normal access, it can be disabled by restarting Zope with environment variable SUPPRESS_ACCESSRULE set.
"""

Because this is only available to people who can manage Zope anyway.

(Looking for the exact variable name, I ran into the URL modification trick mentioned under "History"... so I hereby RTFM myself. Well, not really; I have read the FM before, and it wasn't there!)

Have fun,
Shai.
And I was shocked and dismayed to find out that this actually works. It seems like a huge potential security breach for the unwary, since it is available for any attacker. Granted, access rules are not really intended for security, but it is very easy to assume that they always work, and make decisions with security implications based on that assumption.
I can't see any security-related issues here. I mean, if you don't do anything against it (like having a packet-filter/firewall/proxy in front of the Zope server), any of the original ports will still be kind of accessible anyway. Regardless of whether you can override the access rule or not.

How would you "protect" a site using siterules? I'm not talking about Apache siterules, which can safely be used for protection, I guess.

Joachim
Joachim Werner wrote:
I can't see any security-related issues here. I mean, if you don't do anything against it (like having a packet-filter/firewall/proxy in front of the Zope server), any of the original ports will still be kind of accessible anyway.
To close the FTP and WebDAV ports (I suppose this is what you mean), add the -X flag, followed by -w <web port> and/or -F <FastCGI socket>, to your Zope start-up script.

Regardless of whether you can override the access rule or not. How would you "protect" a site using siterules? I'm not talking about Apache siterules, which can safely be used for protection, I guess.

Now, under the assumption that access rules are always in force, you could do a lot of things, most obviously trying to prevent direct access to some methods (in my experience, proxy roles can bring you hours of anguish). Under "Security" here I'm pulling in not just mere access, but also pre-conditions for access. Suppressing the access rule might in some cases violate the assumptions of such, which could possibly lead to many problems, from simple errors to security breaches. In my opinion, an access rule which is overridable from the request is an invitation for trouble, security-wise or otherwise.

Have fun,
Shai.
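The failure mode Shai describes, a rule that the client can switch off while a handler behind it assumes the rule always ran, as an added model in Python. This is not from the thread and not Zope's own code: the request flag, handler names and request structure are invented for the illustration, and the process-wide switch only mirrors the SUPPRESS_ACCESSRULE idea quoted earlier, not its real implementation.

```python
"""Constructed model of a request-suppressible access rule.

Added illustration only; nothing here is Zope's own code. The flag, handler
and request names are invented for the model.
"""
from dataclasses import dataclass, field

# Hypothetical request-side switch that turns the rule off. Invented for the
# model; it stands in for "overridable from the request", whatever form that
# takes in the real product.
SUPPRESS_MARKER = "_suppress_rule"


@dataclass
class Request:
    path: str
    user_roles: set = field(default_factory=set)  # roles of the authenticated user
    flags: set = field(default_factory=set)       # switches the client sent along


def access_rule(request, operator_suppressed=False):
    """The 'access rule': hides the /admin/ subtree on this virtual host.

    It is skipped when the operator disabled it process-wide (the analogue of
    restarting with SUPPRESS_ACCESSRULE set) or when the request asked for it
    to be skipped (the analogue of a URL trick). Returns normally if the
    request may proceed, raises PermissionError otherwise.
    """
    if operator_suppressed or SUPPRESS_MARKER in request.flags:
        return
    if request.path.startswith("/admin/"):
        raise PermissionError("access rule: /admin/ is not reachable here")


def naive_handler(request):
    """Assumes the access rule already kept anonymous users out of /admin/."""
    if request.path.startswith("/admin/"):
        return "secret admin data"
    return "public page"


def hardened_handler(request):
    """Makes the authorization decision itself, so it holds whether or not
    the access rule ran (Zope's roles/permissions are the real-world analogue).
    """
    if request.path.startswith("/admin/"):
        if "Manager" not in request.user_roles:
            raise PermissionError("Manager role required")
        return "secret admin data"
    return "public page"


def serve(request, handler, operator_suppressed=False):
    """Run the access rule, then the handler. Returns (status, body)."""
    try:
        access_rule(request, operator_suppressed)
        return ("ok", handler(request))
    except PermissionError as exc:
        return ("denied", str(exc))


def demo():
    """Exercise the interesting cases on constructed requests; returns outcomes."""
    anon = Request("/admin/settings")
    anon_suppressing = Request("/admin/settings", flags={SUPPRESS_MARKER})
    manager_suppressing = Request("/admin/settings", user_roles={"Manager"},
                                  flags={SUPPRESS_MARKER})
    return {
        # rule in force: the naive handler is protected by it
        "rule_blocks_anon": serve(anon, naive_handler),
        # client switches the rule off: the naive handler leaks
        "naive_bypassed": serve(anon_suppressing, naive_handler),
        # same request against a handler that checks for itself
        "hardened_holds": serve(anon_suppressing, hardened_handler),
        # a legitimate manager still gets through the hardened handler
        "manager_allowed": serve(manager_suppressing, hardened_handler),
        # operator-level suppression exposes the naive handler just the same
        "naive_leaks_under_operator_suppress":
            serve(anon, naive_handler, operator_suppressed=True),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:40s} {outcome}")
```

Run it directly to print the five outcomes. The entries to look at are the last three: the handler that checks the role itself is unaffected by either kind of suppression, which is what Zope's own roles and permissions (or a filter in front of the server) give you, while the handler that leaned on the rule is exposed as soon as the rule is skipped for any reason, including the operator's legitimate one.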
On 02 Aug 2001 11:41:06 +0300, Shai Berger wrote:
Chris wrote,
Try:
And I was shocked and dismayed to find out that this actually works. It seems like a huge potential security breach for the unwary, since it is available for any attacker. Granted, access rules are not really intended for security, but it is very easy to assume that they always work, and make decisions with security implications based on that assumption.
I read digests, so I only saw Gerd's request for help now; I would expect the right answer to be what the AccessRule product says: """ If an Access Rule is broken, and is preventing normal access, it can be disabled by restarting Zope with environment variable SUPPRESS_ACCESSRULE set. """ Because this is only available to people who can manage Zope anyway.
Well, for those running a ZServer with, say, dozens of virtual hosts, it would really suck to have to restart everybody's sites just for one site's mistake.

Bill
Participants (3):
- Bill Anderson
- Joachim Werner
- Shai Berger