AW: [Zope] Problems with manage_clone
On Tue, 4 Apr 2000 a.wacknitz@francotyp.com wrote:
manage_clone() is only allowed to managers. How can I authorize a user without "AUTHENTICATED_USER.has_role('Manager')" to use this method? I
You want to give your method that calls manage_clone a "proxy" role of manager.
But isn't this a security hole? I don't want a user who guesses the name of the method to call the method with arbitrary parameters and do things he is not supposed to do... Andreas
a.wacknitz@francotyp.com wrote:
On Tue, 4 Apr 2000 a.wacknitz@francotyp.com wrote:
manage_clone() is only allowed to managers. How can I authorize a user without "AUTHENTICATED_USER.has_role('Manager')" to use this method? I
You want to give your method that calls manage_clone a "proxy" role of manager.
But isn't this a security hole? I don't want a user who guesses the name of the method to call the method with arbitrary parameters and do things he is not supposed to do...
That's why you have to put proper security on the method itself. If a method has proxy roles, it just gives a user that uses it more permissions than he has normally, by way of exception. This does not mean you have to open up the use of the particular method for anonymous users... Rik
a.wacknitz@francotyp.com wrote:
But isn't this a security hole? I don't want a user who guesses the name of the method to call the method with arbitrary parameters and do things he is not supposed to do...
Well... if you want an anonymous user to be able to do something, then you have to let an anonymous user do it. There's not much of a way around that. -- ethan mindlace fremen mindlace@imeme.net zope -&- imap email -&- mailing list weave your web with the web at http://imeme.net
On Wed, 05 Apr 2000, you wrote:
a.wacknitz@francotyp.com wrote:
But isn't this a security hole? I don't want a user who guesses the name of the method to call the method with arbitrary parameters and do things he is not supposed to do...
If you have your DTML accessible to anon users then sure, anybody can for instance view the form source and use http module to execute your scripts. If you set the right permissions only for valid users then you are better off. As a thumb rule it is always good to add authorisation check and other logic to all scripts that update a db.
########################## necessity is the mother of invention ##########################
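Added example, not from the thread and not Zope code: a small Python model of the two separate checks the replies describe, where the caller's own roles decide who may call the wrapper and the proxy role only changes what the wrapper's body may do. Every name in it (`ProtectedMethod`, `add_entry`, the `Member` role, the fixed `template` source) is hypothetical, and it assumes proxy roles replace the caller's roles inside the body.

```python
# Toy model of the two independent checks discussed in this thread.
# It does not use Zope's API; all names here are hypothetical.

class Unauthorized(Exception):
    pass

class ProtectedMethod:
    """A callable guarded by allowed roles, optionally carrying proxy roles."""

    def __init__(self, name, body, allowed_roles, proxy_roles=()):
        self.name = name
        self.body = body
        self.allowed_roles = set(allowed_roles)   # who may call this method
        self.proxy_roles = set(proxy_roles)       # roles the body runs with

    def call(self, caller_roles, *args):
        # Check 1: the caller's own roles must be allowed to call the method.
        if not self.allowed_roles & set(caller_roles):
            raise Unauthorized(f"{sorted(caller_roles)} may not call {self.name}")
        # Check 2: inside the body, proxy roles (if any) replace the caller's.
        effective = self.proxy_roles or set(caller_roles)
        return self.body(effective, *args)

# Stand-in for manage_clone: callable only with the Manager role.
manage_clone = ProtectedMethod(
    "manage_clone",
    lambda roles, source, new_id: f"cloned {source} as {new_id}",
    allowed_roles={"Manager"},
)

def make_wrapper(allowed_roles, proxy_roles=()):
    """Build the user-facing method; it clones one fixed source only."""
    def body(effective_roles, new_id):
        if not new_id.isalnum():                  # validate caller input
            raise ValueError("bad id")
        return manage_clone.call(effective_roles, "template", new_id)
    return ProtectedMethod("add_entry", body, allowed_roles, proxy_roles)

def attempt(method, caller_roles, *args):
    """Return the result, or the string 'Unauthorized' if a check fails."""
    try:
        return method.call(caller_roles, *args)
    except Unauthorized:
        return "Unauthorized"

# Wrapper restricted to the 'Member' role, with a Manager proxy role.
add_entry = make_wrapper(allowed_roles={"Member"}, proxy_roles={"Manager"})
# Same wrapper without the proxy role, for comparison.
add_entry_no_proxy = make_wrapper(allowed_roles={"Member"})
```

The wrapper takes only the new id from the caller, so the proxy role cannot be steered at an arbitrary source object.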
participants (4): a.wacknitz@francotyp.com, mindlace, Rik Hoekstra, sathya