[ZDP] BackTalk to Document The Zope Book (2.5 Edition)/Users and Security
webmaster@zope.org
Tue, 15 Oct 2002 06:10:02 -0400
A comment to the paragraph below was recently added via http://www.zope.org/Documentation/Books/ZopeBook/current/Security.stx#3-111
---------------
When you visit an executable object by going to its URL or
calling it from DTML or a script, Zope runs the object's
script. The script is restricted by the roles of the object's
owner and your roles. In other words an executable object can
only perform actions that *both* the owner and the viewer are
authorized for. This keeps an unprivileged user from writing a
harmful script and then tricking a powerful user into executing
the script. You can't fool someone else into performing an
action that you are not authorized to perform yourself. This is
how Zope uses ownership to protect against server-side
Trojan horse attacks.
% Anonymous User - Oct. 15, 2002 6:10 am:
(see also http://www.zope.org/Documentation/Books/ZopeBook/current/Security.stx#3-32)
If the executable object /view.py is applied on the object /data/a_file
by calling http://site/data/a_file/view.py
then it can only perform actions that
[the owner of /view.py is authorized to perform on /data/a_file]
AND
[ [the viewer is authorized to perform on /data/a_file]
OR [/view.py has proxy-roles that authorize on /data/a_file] ]
Is this right?
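
The owner-AND-viewer rule from the quoted paragraph, as an added example that is not part of the original message and is not Zope's own code. It is a simplified model: the role and permission names, users and paths are constructed, local roles are an added assumption, and proxy roles are not modelled.

```python
# Simplified model of the rule in the quoted paragraph; not Zope's implementation.
# Role names, permission names, users and paths are constructed for illustration.
from dataclasses import dataclass, field

# Constructed role -> permission mapping (hypothetical security settings).
ROLE_PERMISSIONS = {
    "Anonymous": {"View"},
    "Author": {"View", "Add Documents"},
    "Manager": {"View", "Add Documents", "Delete objects"},
}

@dataclass
class User:
    name: str
    roles: set
    # Assumption: local roles grant extra roles on a path and everything below it.
    local_roles: dict = field(default_factory=dict)

    def roles_on(self, path):
        roles = set(self.roles)
        for prefix, extra in self.local_roles.items():
            if path == prefix or path.startswith(prefix.rstrip("/") + "/"):
                roles |= extra
        return roles

    def allowed(self, permission, path):
        return any(permission in ROLE_PERMISSIONS.get(r, ()) for r in self.roles_on(path))

@dataclass
class Script:
    path: str
    owner: User

def may_perform(script, viewer, permission, target):
    """The action succeeds only if BOTH the script owner and the viewer are authorized."""
    return script.owner.allowed(permission, target) and viewer.allowed(permission, target)

def denied_party(script, viewer, permission, target):
    """Name the party that blocks the action, for auditing a denied request."""
    if not script.owner.allowed(permission, target):
        return "owner:" + script.owner.name
    if not viewer.allowed(permission, target):
        return "viewer:" + viewer.name
    return None

# Constructed scenario: an Author owns a script that a Manager is tricked into visiting.
mallory = User("mallory", {"Author"})
admin = User("admin", {"Manager"})
trojan = Script("/view.py", owner=mallory)
```

Here `may_perform(trojan, admin, "Delete objects", "/data/a_file")` is false because the owner lacks the permission, even though the viewer holds it.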