[Zope-PTK] Membership Design

Bill Anderson bill@libc.org
Thu, 03 Aug 2000 12:10:53 -0600


Chris Withers wrote:
...
> > I put roles, domains, listed, and password onto a propertysheet (of the DataSkin variety).
> > The password is stored encrypted. There is a 'downside' to this, in that you can't just
> > send someone their password. On the other hand, that means the password isn't in
> > cleartext.
> 
> In the most secure circumstances, it's good if you _can't_ send someone
> their password, 'cos it proves you don't have access to it yourself ;-)

Yup. My sentiments exactly.

...

> > The aspect of this that concerns me, is the roles being in a propertysheet. Just how
> > accessible to the user are these? IIUC, they can only change the properties if they have
> > permission. But this would theoretically mean they can change their own roles.
> 
> Erk, bad :( Is there any way you can protect this propertysheet with a
> separate (or the 'Manager') role?

After the three suggestions, I looked around some more. Looks like I can select a
permission for the propertysheet. So I will be doing this.
 
> > My concern is that they
> > could write DTML that changes these properties, giving themselves the manager role, for
> > instance.
> > Now, on sites where members/users don't get to write DTML, this is clearly a lesser issue.
> 
> They wouldn't even need to write DTML, they can probably do the change
> through urls with arguments appended...

Depends on how the methods are written. There is a HowTo on SQL and acquisition that
illustrates it.

> 
> > BTW, Yes, I know about the __ thing, that's how the previous/current release operates. My
> > problem has been in modifying the roles from Zope. Given the lack of response on the
> > lists, I get the feeling I'm not alone in this. :/
> 
> I think I missed these posts :S


S'ok, you caught the realtime questions on it on #zope :)


--
Do not meddle in the affairs of sysadmins, for they are easy to annoy,
and have the root password.
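
Added example, not part of the original message and not Zope or PTK code: a minimal Python model of the two points in this thread, a password kept only as a one-way salted hash and a property sheet whose changes require a permission of its own, so request arguments from an ordinary member cannot rewrite that member's roles. The class, function and permission names are hypothetical, and both the split into a profile sheet and a security sheet and the use of PBKDF2 for "stored encrypted" are assumptions.

```python
import hashlib
import hmac
import os

# Hypothetical permission names and role map; not Zope's real security API.
ROLE_PERMISSIONS = {
    "Member": {"Edit own profile"},
    "Manager": {"Edit own profile", "Manage member roles"},
}

def hash_password(password, salt=None):
    """One-way salted hash: the site can verify a password but never mail it back."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_password(password, salt, digest):
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

class PropertySheet:
    """A bag of properties that can only be changed by holders of one permission."""
    def __init__(self, change_permission, **props):
        self.change_permission = change_permission
        self.props = dict(props)

    def update(self, caller_roles, changes):
        granted = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in caller_roles))
        if self.change_permission not in granted:
            raise PermissionError(f"'{self.change_permission}' required")
        unknown = set(changes) - set(self.props)
        if unknown:
            raise KeyError(f"no such properties: {sorted(unknown)}")
        self.props.update(changes)

class Member:
    def __init__(self, password, roles):
        salt, digest = hash_password(password)
        # Data the member may edit is kept apart from security data (assumption).
        self.profile = PropertySheet("Edit own profile", email="", listed=False)
        self.security = PropertySheet(
            "Manage member roles", roles=list(roles), domains=[],
            salt=salt, password=digest)

def handle_request(member, caller_roles, sheet_name, form):
    """Apply request arguments (e.g. from a URL query string) to one sheet."""
    sheet = {"profile": member.profile, "security": member.security}[sheet_name]
    try:
        sheet.update(caller_roles, form)
        return "ok"
    except PermissionError:
        return "denied"
```
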