A new issue of "Zope Guru of the Week" is available: =================================================================== Issue #3 -- Acquiring Permissions =================================================================== Status: Open Zen Level: Master (5/8) Keywords: Acquisition Security / Permissions Submitted by: Tres Seaver tseaver@palladion.com ------------------------------------------------------------------- When assembling a site using custom-defined ZClasses, I find that I often have to go back into the classes and assign Proxies to particular methods, giving them Manager rights, in order to allow anonymous users to browse the site or submit content. * Is this a security hole? (think setuid/setgid scrips in a Unix filesystem) * Should I be doing something else? - mapping permissions on my ZClasses? - creating special "default" users in an acl_users folder? - what else? ------------------------------------------------------------------- To reply and win undying glory and mondo guru points: http://zope.palladion.com/demos/ZGotW/3