OK let me state that I don't think so (subject line). I had to choose this subject, because it seems to me, that nobody was interested in my previous attempts to get information about my problem. So here is my newbie (?) question again:

I have the folders:

/www/folder1
/www/folder2

Apache redirects domain1 to folder1 and domain2 to folder2. The manager of folder1 is able to browse to /www and see what folders exist there. He shouldn't, because he only exists in the acl_user of /www/folder1. He even can look into the folder /www/folder2 (but not into the objects).

Is it possible to disable the access for the folder1-manager above folder1? It doesn't seem to me. If it really isn't possible, there is no security at all for ISP uses of Zope. But I'm sure, there should be a possibility.

I even created a local role in /www/folder1 too. Even with the local role I can browse /www and /www/folder2!

Any suggestions?

TIA
-goe-
Stephan Goeldi wrote:
OK let me state that I don't think so (subject line). I had to choose this subject, because it seems to me, that nobody was interested in my previous attempts to get information about my problem. So here is my newbie (?) question again:
I have the folders:
/www/folder1 /www/folder2
Apache redirects domain1 to folder1 and domain2 to folder2. The manager of folder1 is able to browse to /www and see what folders exist there. He shouldn't, because he only exists in the acl_user of /www/folder1. He even can look into the folder /www/folder2 (but not into the objects).
Is it possible to disable the access for the folder1-manager above folder1? It doesn't seem to me. If it really isn't possible, there is no security at all for ISP uses of Zope. But I'm sure, there should be a possibility.
I even created a local role in /www/folder1 too. Even with the local role I can browse /www and /www/folder2!
Any suggestions?
Create the user in the top level folder that they are allowed to see. Not in the /www folder.

HTH,
-- Tim Cook --
Cook Information Systems | Office: (901) 884-4126 8am-5pm CDT
Free Practice Management Project Coordinator http://www.freepm.org
OSHCA Founding Supporter http://www.oshca.org
Create the user in the top level folder that they are allowed to see. Not in the /www folder
That alone wouldn't do it if we are talking about "seeing the objects", e.g. by calling the "objectIds" method in the root folder. You also have to switch off the root folder's "Access contents information" rights for Anonymous and the sub-tree managers.

I think Zope security is really a bit weak here because the standard settings are NOT blocking "Access contents information" and blocking it makes programming a bit harder ...

BUT: You CAN configure it correctly if you want to.

Joachim

--
Iuveno - Smart Communication
Joachim Werner
Marie-Curie-Straße 6
85055 Ingolstadt
Tel.: +49 841/90 14-325 (Fax -322)
Mobil: +49 179/39 60 327
E-Mail: joachim.werner@iuveno.de/joachim.werner@iuveno-net.de
WWW: www.iuveno.de/www.iuveno-net.de
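The two suggestions above (user defined in the sub-folder, "Access contents information" removed from Anonymous at the root) can be traced with a simplified model of role and permission lookup. This is an added illustration, not Zope code and not part of the original messages; the `Folder` class, `allowed`, `build_site` and the user names `mgr1` and `mgr_local` are hypothetical.

```python
# Simplified model of Zope 2 style permission checks (illustration only, not Zope code).
ACI = "Access contents information"

class Folder:
    def __init__(self, name, parent=None):
        self.name, self.parent = name, parent
        self.users = {}        # acl_users here: user name -> global roles
        self.local_roles = {}  # user name -> local roles granted on this folder
        self.perms = {}        # permission -> (roles, acquire flag)

    def chain(self):
        """This folder and its ancestors, innermost first."""
        node = self
        while node is not None:
            yield node
            node = node.parent

    def roles_for(self, permission):
        """Roles holding a permission here, following the acquire flag upward."""
        roles = set()
        for node in self.chain():
            own, acquire = node.perms.get(permission, ((), True))
            roles.update(own)
            if not acquire:
                break
        return roles

def allowed(user, folder, permission):
    """True if the user may use the permission on this folder."""
    # A user is only recognised at or below the folder whose acl_users defines them.
    known = any(user in node.users for node in folder.chain())
    have = {"Anonymous"}  # anything granted to Anonymous is open to every request
    if known:
        for node in folder.chain():
            have.update(node.users.get(user, ()))
            have.update(node.local_roles.get(user, ()))
    return bool(have & folder.roles_for(permission))

def build_site(root_aci_roles):
    """Constructed layout from the thread: /www containing folder1 and folder2."""
    www = Folder("www")
    www.perms[ACI] = (tuple(root_aci_roles), False)
    f1, f2 = Folder("folder1", www), Folder("folder2", www)
    f1.users["mgr1"] = ("Manager",)            # user created inside folder1
    www.users["mgr_local"] = ()                # user created in /www ...
    f1.local_roles["mgr_local"] = ("Manager",) # ... with a local role on folder1
    return www, f1, f2
```

With the root granting the permission to Anonymous, both users can list `/www` and `/www/folder2` regardless of where they were created; with the root restricted to Manager, each is confined to `folder1`.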
Also, consider adding an accessrule. This won't stop them from using __no_before_traverse__ or _SUPPRESS_ACCESSRULE but it will make it 'appear' there is nothing more than the current level.

knight
knight@phunc.com

On Fri, 13 Oct 2000, Tim Cook wrote:
Stephan Goeldi wrote:
OK let me state that I don't think so (subject line). I had to choose this subject, because it seems to me, that nobody was interested in my previous attempts to get information about my problem. So here is my newbie (?) question again:
I have the folders:
/www/folder1 /www/folder2
Apache redirects domain1 to folder1 and domain2 to folder2. The manager of folder1 is able to browse to /www and see what folders exist there. He shouldn't, because he only exists in the acl_user of /www/folder1. He even can look into the folder /www/folder2 (but not into the objects).
Is it possible to disable the access for the folder1-manager above folder1? It doesn't seem to me. If it really isn't possible, there is no security at all for ISP uses of Zope. But I'm sure, there should be a possibility.
I even created a local role in /www/folder1 too. Even with the local role I can browse /www and /www/folder2!
Any suggestions?
Create the user in the top level folder that they are allowed to see. Not in the /www folder
HTH, -- Tim Cook -- Cook Information Systems | Office: (901) 884-4126 8am-5pm CDT Free Practice Management Project Coordinator http://www.freepm.org OSHCA Founding Supporter http://www.oshca.org