[Zope-dev] Methods through the Web (security?)

Chris Withers chrisw@nipltd.com
Thu, 18 May 2000 16:04:11 +0100


Martijn Faassen wrote:
> So you have something like:

[snip]

> Of course this sounds like it could get unwieldy, unless there was
> some clear user interface.

This would be unwieldy; I prefer the suggestion I made (obviously ;-)
which gets around this...

> > From the point of view of an xml-rpc based
> > client app, having objectIds and the like may be an absolute
> > necessity, while from a pure HTTP standpoint many would
> > at best consider it superfluous or at worst consider it
> > a security hole.

Well, yes, but it's the same problem no matter what your protocol:
Should a user be able to do something with a method or
should a method used by a user be able to do something with a method?
In the second case, the use is defined by the person who wrote the
application; in the first case it's defined by the (possibly malicious)
user...
This sounds a lot like proxy roles, I know, but they're just too clumsy
for this special case...

> Um, is there a good workaround then, if you turn it off? I mean,
> if you turn off 'Access Contents Information' *and* you want a
> DTML method that generates an index of all subfolders, what do you
> do? Work with proxies?

Yes, lots of them and in a very complicated fashion which is easy to
screw up and so defeat the point of doing it in the first place ;-)

cynically,

Chris

PS: I'll try and cheer up later :S