[Zope] [ZGotW] Issue #3 (Closed)

Zope Guru of the Week ZGotW@palladion.com
Fri, 11 Feb 2000 13:33:45 US/Pacific


The current issue of "Zope Guru of the Week" has closed:

===================================================================
Issue #3 -- Acquiring Permissions
===================================================================

       Status:  Closed 

    Zen Level:  Master (5/8)

     Keywords:  Acquisition Security / Permissions 

 Submitted by:  Tres Seaver tseaver@palladion.com
-------------------------------------------------------------------
 When assembling a site using custom-defined ZClasses, I find
 that I often have to go back into the classes and assign
 Proxies to particular methods, giving them Manager rights,
 in order to allow anonymous users to browse the site or submit
 content.

 * Is this a security hole? (think setuid/setgid scrips in a
   Unix filesystem)

 * Should I be doing something else?

    - mapping permissions on my ZClasses?

    - creating special "default" users in an acl_users folder?

    - what else?



-------------------------------------------------------------------

  Reviewed by:  Tres Seaver tseaver@palladion.com
-------------------------------------------------------------------
Hmmm, I didn't guess that *no one* would venture a reply on this topic.

Oh well, I'll close it and move on.


-------------------------------------------------------------------