[Zope-CMF] Should we invert security?

Shane Hathaway shane@digicool.com
Thu, 7 Jun 2001 13:51:57 -0400


On Thursday 07 June 2001 12:49, seb bacon wrote:
> Sounds good to me, and should fit most applications.  However, I
> wonder what someone who wants the current behaviour should do.  Put
> security checks in their dtml I guess.  Isn't there a more elegant
> solution?  I can't think of one but I'm not very elegant :)

No, that won't be necessary.  There will have to be a one-time 
conversion script that explicitly sets permission mappings where they 
are currently implicit.

Shane

> * Shane Hathaway <shane@digicool.com> [010607 16:00]:
> > Right now the security strategy used by CMFDefault is "deny by
> > default". Each member folder is set up to deny access to anonymous
> > users and other members.  Objects within a member folder allow
> > access depending on their workflow state.
> >
> > But the problem with this strategy, which seems right at first, is
> > subtle: you might be able to access content without being able to
> > access the container of the content.  So DTML that tries to use
> > PARENTS[0], which really ought to be available, raises a security
> > exception.  This is a problem right now on cmf.zope.org.
> >
> > I think we should switch to "allow by default".  Member folders
> > won't have any special security settings, but when you create
> > content, it might be restricted by default so that other users
> > can't see it until it's ready to be published.
> >
> > Do you agree?  It would sure simplify things IMHO.
> >
> > Shane