[Zope] debugging security issues
Godefroid Chapelle
gotcha@swing.be
Sun, 22 Apr 2001 22:42:39 +0200
Hi all,
I am blocked by a bad security issue when playing with some ZPatterns
objects.
I am trying to find a way to go on.
I have been reading both Zope security and ZPatterns source code.
I have been stepping in code both with python and Pythonwin debuggers
and cannot understand why I always get the following error message even
when accessing URL as a manager or setting multiple proxy roles :
_________
Traceback (innermost last):
File
E:\BubbleNetTestSite\lib\python\ZPublisher\Publish.py, line 222, in
publish_module
File
E:\BubbleNetTestSite\lib\python\ZPublisher\Publish.py, line 187, in
publish
File
E:\BubbleNetTestSite\lib\python\ZPublisher\Publish.py, line 171, in
publish
File
E:\BubbleNetTestSite\lib\python\ZPublisher\mapply.py, line 160, in
mapply
(Object: index_html)
File
E:\BubbleNetTestSite\lib\python\ZPublisher\Publish.py, line 112, in
call_object
(Object: index_html)
File E:\BubbleNetTestSite\lib\python\OFS\DTMLDocument.py,
line 189, in __call__
(Object: index_html)
File
E:\BubbleNetTestSite\lib\python\DocumentTemplate\DT_String.py, line 538,
in __call__
(Object: index_html)
File
E:\BubbleNetTestSite\lib\python\DocumentTemplate\DT_With.py, line 146,
in render
(Object: defaultRack.getItem('100'))
File E:\BubbleNetTestSite\lib\python\OFS\DTMLMethod.py,
line 261, in validate
(Object: index_html)
File
E:\BubbleNetTestSite\lib\python\AccessControl\SecurityManager.py, line
144, in validate
File
E:\BubbleNetTestSite\lib\python\AccessControl\ZopeSecurityPolicy.py,
line 168, in validate
Unauthorized: id
_______
The id above is an original zope object id.
I think there is a point that I do not get.
I would appreciate any hint on security issues or ways of debugging my
problem...
--
Godefroid Chapelle
BubbleNet sprl
rue Victor Horta, 30
1348 Louvain-la-Neuve
Belgium
Tel 010 457490
Mob 0477 363942
TVA 467 093 008
RC Niv 49849