[Zope] [ANN] ZShell 0.2
Jerome Alet
alet@unice.fr
Sat, 5 May 2001 09:17:32 +0200
On Fri, May 04, 2001 at 05:17:55PM -0700, Michel Pelletier wrote:
>
> Something that is dangerous about this script is that it does no security
> checking at all. Anyone one user with acces to the shell is essentialy
> promoted to a superuser through the shell. It would not be difficult for
> you to add security checkpoints to you code using the explicit
> securitymanager api documented in the developer's guide.
>
> http://sourceforge.net/projects/zope-devel/
I'll look into that, but this isn't a priority yet. I prefer to have something
which provides more commands quick, and look at other aspects later.
I've only used it as a Manager however, but I thought that the underlying
security would be taken care of by Zope itself when calling dangerous
methods (like manage_delObjects for example) as a non Manager user.
Am I wrong ?
bye,
Jerome Alet