Hi, I've been trying to get something sensible done with GenericUserFolder, but keep on running into this problem: ----------- 2000-02-22T16:15:19 ERROR(200) GUF http://newserver:8080/test_access/acl_users/userAuthenticate raised an exception (('Unauthorized', 'You are not authorized to access <em>SQL_get_password</em>.', <traceback object at 85ec318>)) ----------- SQL_get_password is a ZSQL method like: --------------------------- SELECT password as real_password FROM users_tmp WHERE name=<dtml-sqlvar username type=string> --------------------------- with as Argument "username" I've given all possible permissions to the SQL method, but no dice :( Any suggestions? Greetings, Michiel --
From a Sun Microsystems bug report (#4102680): "Workaround: don't pound on the mouse like a wild monkey."
Michiel Toneman wrote:
Hi,
I've been trying to get something sensible done with GenericUserFolder, but keep on running into this problem:
----------- 2000-02-22T16:15:19 ERROR(200) GUF http://newserver:8080/test_access/acl_users/userAuthenticate raised an exception (('Unauthorized', 'You are not authorized to access <em>SQL_get_password</em>.', <traceback object at 85ec318>)) -----------
SQL_get_password is a ZSQL method like:
--------------------------- SELECT password as real_password FROM users_tmp WHERE name=<dtml-sqlvar username type=string> --------------------------- with as Argument "username"
I've given all possible permissions to the SQL method, but no dice :(
Any suggestions?
I think you need to give the userAuthenticate and userList methods a proxy role of "Anonymous". Cheers, Matt. -- Matt Goodall | Isotek Electronics Ltd email: mgg@isotek.co.uk | Claro House, Servia Road Tel: +44 113 2343202 | Leeds, LS7 1NL Fax: +44 113 2342918 | England
On Tue, 22 Feb 2000, Matt Goodall wrote:
Michiel Toneman wrote:
Hi,
I've been trying to get something sensible done with GenericUserFolder, but keep on running into this problem:
----------- 2000-02-22T16:15:19 ERROR(200) GUF http://newserver:8080/test_access/acl_users/userAuthenticate raised an exception (('Unauthorized', 'You are not authorized to access <em>SQL_get_password</em>.', <traceback object at 85ec318>)) -----------
SQL_get_password is a ZSQL method like:
--------------------------- SELECT password as real_password FROM users_tmp WHERE name=<dtml-sqlvar username type=string> --------------------------- with as Argument "username"
I've given all possible permissions to the SQL method, but no dice :(
Any suggestions?
I think you need to give the userAuthenticate and userList methods a proxy role of "Anonymous".
Cheers, Matt.
I think you're correct. James W. Howe suggested the "Manager" proxy role, and everything works great now. Thanks from a very happy and relieved Zoper ;-), Greetings, Michiel --
From a Sun Microsystems bug report (#4102680): "Workaround: don't pound on the mouse like a wild monkey."
On Tue, 22 Feb 2000, Matt Goodall wrote:
Michiel Toneman wrote:
----------- 2000-02-22T16:15:19 ERROR(200) GUF http://newserver:8080/test_access/acl_users/userAuthenticate raised an exception (('Unauthorized', 'You are not authorized to access <em>SQL_get_password</em>.', <traceback object at 85ec318>)) -----------
SQL_get_password is a ZSQL method like:
--------------------------- SELECT password as real_password FROM users_tmp WHERE name=<dtml-sqlvar username type=string> --------------------------- with as Argument "username"
I've given all possible permissions to the SQL method, but no dice :(
Any suggestions?
I think you need to give the userAuthenticate and userList methods a proxy role of "Anonymous".
Yer, although it is generally a proxy role of 'Manager'. If you're SQL methods are accessible to the Anonymous role you may have an absolutly huge security hole on your site. -- ___ // Zen (alias Stuart Bishop) Work: zen@cs.rmit.edu.au // E N Senior Systems Alchemist Play: zen@shangri-la.dropbear.id.au //__ Computer Science, RMIT WWW: http://www.cs.rmit.edu.au/~zen
participants (3)
-
Matt Goodall -
Michiel Toneman -
Stuart 'Zen' Bishop