[Zope] Re: superuser confusion

Tino Wildenhain tino@wildenhain.de
Tue, 05 Sep 2000 13:37:10 +0200


Hi, 

Chris McDonough wrote:
> 
> On Tue, 5 Sep 2000, Evan Simpson wrote:
> 
> > > I've got to say I agree with you here.  I'm still not 100% sure why the
> > > superuser or bootstrap user can't own anything.
> >
> > It's due to a combination of the trojan horse issue and the sticky
> > authentication issue, I think.  You really don't want to be authenticated as
> > super very often, because while you are, if you visit a page someone else
> > wrote, they can make your browser do evil things to your site.  This is also
> > true of Managers, but less so.  Similarly, a page owned by non-super has
> > tighter permissions than one owned by the super would.
> 
> Yes... the PDG security chapter has all of this in it, but it would seem
> that neither Chris W or I are completely satisfied by these answers.  :-)
> It seems a matter of diminishing returns, especially when newbies hit the
> wall during install, since we haven't provided them with an airbag yet.

Uhm. In the changes.txt it is mentioned that something had to be
changed for tighter security. "The superuser can not own" is the same
thing as not working with root privileges on any unix system or logging
in as such. Maybe one should write it in <H1> all over the page where
the download of Zope is ;-)
That may be the confusing part: one has to read while working with
mostly text based applications ;-)

Ok, the switching of user context is a bit painful with current
authentication. One has to close all instances of the browser and reopen
to log in as a new user. Maybe the log-out-trick with the forced
"unauthorized" response could help.

Sometimes it is better to force people to think about security instead
of having them complain after a break-in about a faulty product.

just my 0.02 penny ;-)

Regards
Tino