I would like to know how to limit access to the properties of a folder. For example, now everybody can view them by doing an XML-RPC query like this (in Python):
    import xmlrpclib

    # Anonymous XML-RPC call that lists the folder's properties
    w = xmlrpclib.Server('http://www.my_server.com/')
    w.propertyItems()
Disabling the "Access contents information" permission of the folder for anonymous solves this. But I haven't found any reference about this, and I don't know if this is correct. At first glance, changing this permission is annoying, because many other objects acquire this property from there (the folder is the root folder of a project), and "nothing" works well...

Is there another permission? (It doesn't seem so...) Or is storing sensitive data in folder properties a really bad idea?

Thank you!

--
Regards from Julián
EA4ACL
Julián Muñoz writes:
> ... Or is storing sensitive data in folder properties a really bad idea?

The Zope security framework gives you some flexibility, but you cannot do every special requirement in a completely straightforward way.
Put your sensitive properties in special objects (rather than on folders used for organizing non-sensitive content). Protect these special objects in a special way (e.g. remove "Access contents information" from Anonymous).

Of course, access to these properties now becomes a bit more cumbersome, but increased security has its price...

Dieter
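The approach suggested in the reply above, as an added example that is not code from either poster or from Zope itself: move the sensitive properties into a dedicated holder object, restrict "Access contents information" on that holder only, then confirm that an unauthenticated `propertyItems()` call no longer returns them. It is written for Python 3 (`xmlrpc.client` instead of `xmlrpclib`); the function names, the holder id and the `Manager` role list are assumptions.

```python
import xmlrpc.client

PERMISSION = "Access contents information"  # permission named in the thread


def move_properties_to_holder(folder, holder_id, names, roles=("Manager",)):
    """Move the named properties from `folder` into a protected sub-folder.

    `folder` is a Zope folder obtained in trusted code (for example `app`
    in a debug session); `holder_id` and `roles` are assumptions. Commit
    the transaction afterwards for the change to persist.
    """
    folder.manage_addFolder(holder_id)
    holder = getattr(folder, holder_id)
    for name in names:
        holder.manage_addProperty(name, folder.getProperty(name),
                                  folder.getPropertyType(name))
    folder.manage_delProperties(list(names))
    # acquire=0 stops the holder from inheriting the parent's role list, so
    # Anonymous loses the permission here and keeps it everywhere else.
    holder.manage_permission(PERMISSION, roles=list(roles), acquire=0)
    return holder


def anonymous_property_names(url, transport=None):
    """Return the property names an unauthenticated XML-RPC client can
    read at `url`, or None when the server refuses the call."""
    proxy = xmlrpc.client.ServerProxy(url, transport=transport)
    try:
        return [name for name, _value in proxy.propertyItems()]
    except (xmlrpc.client.ProtocolError, xmlrpc.client.Fault):
        return None
```

Run `anonymous_property_names` against both the original folder and the holder after the move: the folder should no longer list the sensitive names, and the holder should return `None`.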
Participants (2): Dieter Maurer, Julián Muñoz