[Zope] Quick Security Question (Anonymous "Add Documents, Images, and Files")

Adam Warner lists@consulting.net.nz
09 Nov 2001 10:40:52 +1300


On Fri, 2001-11-09 at 03:02, Jeffrey Robinson wrote:
> It may be easier/safer to use the proxy tab on your python script to give it
> "manager" status (or the like) giving only the script the ability to upload
> images.
> 
> Without a proxy the script would run with the permissions of the requesting
> user.

Excellent advice thanks Jeffrey! I had also thought my original choice
might allow anonymous file uploads via FTP (but I overlooked the
separate FTP access setting).

I agree that just giving this script the ability to create a file is
superior to every script on my site having the permission (though not
the capability) to be able to do so.

Regards,
Adam