[Zope] Security problems with localFS and PCGI
Alexandre A. Drummond Barroso
alexandre@intelligenesis.net
Fri, 12 May 2000 20:33:22 -0300
When Zope started as PCGI, it runs at the same user of the web server process (I'm using a variant of Apache).
So for every file the web server has access, localFS product has access too. But some areas of the web site are restrict area (must
be accessed with authentication certificates).
If a content manager user can create localFS objects into Zope, the restrict content can be accessed.
Is there a way to configure Zope of localFS to limit access to files in file system?
Thanks for any help.
Alexandre A. Drummond Barroso
Extranet Software Engineer
Intelligenesis Corp.
-----Original Message-----
From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of
Graham Chiu
Sent: Friday, May 12, 2000 6:25 PM
To: zope@zope.org
Subject: Re: [Zope] Saving a rendered DTML document with LocalFS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In article <00e201bfbc5b$c3a9e380$04fea8c0@sanwinmain>, Jim Sanford
<jsanford@atinucleus.com> writes
>These are sales/order tracking/forecasting reports. The reports are HTML
>tables and are easier to handle on the file system. They are kept for
>snapshot/historic purposes. (Mostly to have the "evidence" when the sales
>person changes his story to his manager.)
I have an E-commerce site. The final order page with all items, prices
etc is saved to a database as an HTML file so that customers can go back
and look up previous orders from day zero. This is also for historic
purposes.
- --
Regards, Graham Chiu
gchiu<at>compkarori.co.nz
http://www.compkarori.co.nz/x.php?/Shopping
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1
iQA/AwUBORvb4LTRdIWzaLpMEQJQZgCeIUTpsFYzxkploE76b26kag7qoXMAoNXd
hvYhPCEZ1bEZysxUFPOhKB9W
=148u
-----END PGP SIGNATURE-----
_______________________________________________
Zope maillist - Zope@zope.org
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )