[Zope] Trouble with Generic User Folder
Stuart 'Zen' Bishop
zen@cs.rmit.edu.au
Mon, 28 Feb 2000 15:26:34 +1100 (EST)
On Tue, 22 Feb 2000, Matt Goodall wrote:
> Michiel Toneman wrote:
> >
> > -----------
> > 2000-02-22T16:15:19 ERROR(200) GUF
> > http://newserver:8080/test_access/acl_users/userAuthenticate raised
> > an exception (('Unauthorized', 'You are not authorized to access
> > <em>SQL_get_password</em>.', <traceback object at 85ec318>))
> > -----------
> >
> > SQL_get_password is a ZSQL method like:
> >
> > ---------------------------
> > SELECT password as real_password FROM users_tmp
> > WHERE
> > name=<dtml-sqlvar username type=string>
> > ---------------------------
> > with "username" as Argument
> >
> > I've given all possible permissions to the SQL method,
> > but no dice :(
> >
> > Any suggestions?
>
> I think you need to give the userAuthenticate and userList methods a
> proxy role of "Anonymous".
Yer, although it is generally a proxy role of 'Manager'. If your
SQL methods are accessible to the Anonymous role you may have
an absolutely huge security hole on your site.
--
___
// Zen (alias Stuart Bishop) Work: zen@cs.rmit.edu.au
// E N Senior Systems Alchemist Play: zen@shangri-la.dropbear.id.au
//__ Computer Science, RMIT WWW: http://www.cs.rmit.edu.au/~zen
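
The difference between the two fixes discussed in this thread, as an added example that is not part of the original message and is not Zope or GUF code: a simplified Python model of role checks with proxy roles. The classes, the `evaluate` helper and the sample user are constructed for illustration; only the method names `SQL_get_password` and `userAuthenticate` come from the thread.

```python
import hmac

class Unauthorized(Exception):
    pass

class Method:
    """An object callable only by the listed roles (simplified model)."""
    def __init__(self, name, allowed_roles, body, proxy_roles=None):
        self.name, self.body = name, body
        self.allowed_roles = set(allowed_roles)
        self.proxy_roles = set(proxy_roles) if proxy_roles is not None else None

def call(method, caller_roles, *args):
    if not method.allowed_roles & set(caller_roles):
        raise Unauthorized("You are not authorized to access %s." % method.name)
    # Proxy roles replace the caller's roles for whatever this method calls.
    inside = method.proxy_roles if method.proxy_roles is not None else set(caller_roles)
    return method.body(inside, *args)

USERS_TMP = {"alice": "s3cret"}   # constructed stand-in for the users_tmp table
ANON = {"Anonymous"}              # roles of a visitor who has not logged in yet

def evaluate(sql_roles, auth_proxy_roles):
    """Report what an unauthenticated visitor can do under one configuration."""
    sql = Method("SQL_get_password", sql_roles,
                 lambda roles, username: USERS_TMP.get(username))

    def authenticate(roles, username, password):
        real_password = call(sql, roles, username)
        return real_password is not None and hmac.compare_digest(real_password, password)

    auth = Method("userAuthenticate", ANON, authenticate, auth_proxy_roles)

    def attempt(method, *args):
        try:
            return call(method, ANON, *args)
        except Unauthorized:
            return None

    return {"login_works": attempt(auth, "alice", "s3cret") is True,
            "anonymous_reads_password": attempt(sql, "alice") == "s3cret"}

if __name__ == "__main__":
    configs = [("SQL Manager-only, no proxy role", {"Manager"}, None),
               ("SQL opened to Anonymous", {"Manager", "Anonymous"}, None),
               ("SQL Manager-only, proxy role Manager", {"Manager"}, {"Manager"})]
    for label, sql_roles, proxy in configs:
        print(label, evaluate(sql_roles, proxy))
```

Only the third configuration lets the login hook work while keeping the password query closed to direct anonymous calls.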