[Zope] [ZGotW] Issue #3 (Open)
Zope Guru of the Week
ZGotW@palladion.com
Thu, 03 Feb 2000 13:43:01 US/Pacific
A new issue of "Zope Guru of the Week" is available:
===================================================================
Issue #3 -- Acquiring Permissions
===================================================================
Status: Open
Zen Level: Master (5/8)
Keywords: Acquisition Security / Permissions
Submitted by: Tres Seaver tseaver@palladion.com
-------------------------------------------------------------------
When assembling a site using custom-defined ZClasses, I find
that I often have to go back into the classes and assign
Proxies to particular methods, giving them Manager rights,
in order to allow anonymous users to browse the site or submit
content.
* Is this a security hole? (think setuid/setgid scrips in a
Unix filesystem)
* Should I be doing something else?
- mapping permissions on my ZClasses?
- creating special "default" users in an acl_users folder?
- what else?
-------------------------------------------------------------------
To reply and win undying glory and mondo guru points:
http://zope.palladion.com/demos/ZGotW/3