[Zope] Folder and SQL security
R. David Murray
bitz@bitdance.com
Tue, 5 Sep 2000 00:37:23 -0400 (EDT)
On Mon, 4 Sep 2000, George wrote:
> asks for the password even for the viewing. Then I enable 'access the
> content' and the site works as long as I do not try to use sql. When I
> how ever enable 'use sql methods' permission they can access my
> database, delete and add entries to it. What do I have to do to allow
Chris may have pointed you in the right direction, but depending on
the complexity of what you are doing you may also need to learn about
using proxy roles. This allows you to write a dtml-method that
an anonymous user can call, where the dtml-method can accessed
privileged functions. Since you control the method code, you
thereby control the security of that access and can limit it
to just what you need to make the site functional.
--RDM