[Zope] Question about security

Harris Peter PHarris@jimbeam.co.uk
Wed, 22 Nov 2000 09:25:19 -0000


Dieter wrote:

>Joaldo Junior writes:
 >> Does anyone can inform if is there any kind of function, 
 >> which a common user can change your password by the same way a superuser
can
 >> do in ACL_User?
>Look at the built-in Zope API reference: User object.
>The User object has methods to read and change the information
>associated with a user.

>These methods are (of cause) protected such that only
>users with high priviledges can execute them.
>You will need to set a proxy role for the DTML object
>that calls them, in order to allow less priviledged users
>to call them.

>Dieter

I'm sorry, I must be missing something.

The API reference I have doesn't contain any such thing. Neither does the
Zope book, before anyone else suggests that. The DTML on zope.org uses
a method that isn't recognised by the standard User Folder, so no help
there.

If ANYONE has EVER successfully implemented a way for users to
change their own passwords using standard 2.2 Zope then *please* - 
post your source code here or put a HOWTO on zope.org!
 
It's a basic requirement of any system that uses passwords, but if it can't
be
done just admit it. After all, zope is still *quite* good without it. ;-)

Peter Harris ()



****************************************************************************
This message and any files transmitted with it are confidential.  
The contents may not be disclosed or used by anyone other 
than the addressee. 
If you have received this communication in error, please delete 
the message and notify JBB (Greater Europe) Plc immediately 
on 0141-249-6285.

The views expressed in this email are not necessarily the views 
of JBB (Greater Europe) PLC.  
 As it has been transmitted over a public network, 
JBB (Greater Europe) PLC makes no representation nor accepts 
any liability for the email's accuracy or completeness unless 
expressly stated to the contrary.

Should you, as the intended recipient, suspect that the message 
has been intercepted or amended, please notify 
JBB (Greater Europe) Plc immediately on 0141-249-6285.

****************************************************************************