[Zope] Managing security of DTML manage_changeProperties and DTML API
Milos Prudek
milos.prudek@tiscali.cz
Wed, 06 Mar 2002 15:02:58 +0100
Is it insecure to allow Manage properties to Anonymous?
My site does not allow Anonymous to Access management screens, Add DTML
documents, DTML Methods and Python scripts. So there is no way to slip
in executable content.
It does allow Authenticated users to create documents, but in ZClass
form, and ZClass instances only have properties so they should not be
executable.
But it gives Manage properties to Anonymous, because for some ZClass
documents the site records the number of readers. So the ZClass' index_html
has propertysheets.data.manage_changeProperties(readers=readers+1).
Is it possible to call the DTML API through a URL? Like
http://www.site.com/folder/instance1/propertysheets/data/manage_changeProperties?readers=0
If it is, I'm hosed :-)
Would it be more secure to disallow Manage properties to Anonymous,
remove the manage_changeProperties line from ZClass' index_html, put it
in a single line DTML_Method and give that DTML_Method a Manager Proxy
role? (I'd prefer to not give Manager proxy role to ZClass' index_html)
--
Milos Prudek
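An added illustration (not from the poster or from Zope itself) of the second layout the question proposes: the counter increment is moved out of the ZClass' index_html into its own DTML Method that carries the Manager proxy role, while Manage properties is no longer granted to Anonymous. The method name `incrementReaders` is assumed; the `readers` property and the `propertysheets.data` sheet are the ones named in the post.

```dtml
<dtml-comment>
  incrementReaders  -- DTML Method placed beside the ZClass instances.
  Security tab: Proxy roles = Manager.
  Security settings on the folder: Manage properties is NOT granted to
  Anonymous any more, so a direct request such as
    .../instance1/propertysheets/data/manage_changeProperties?readers=0
  is refused by the publisher with an unauthorized error.

  The method takes no request parameters: the new value is always the
  stored value plus one, so even if a visitor requests this method by
  URL the only effect is the same +1 that viewing the page already causes.
</dtml-comment>
<dtml-call "propertysheets.data.manage_changeProperties(readers=readers + 1)">

<dtml-comment>
  index_html of the ZClass -- no proxy role needed here. The call below
  replaces the former direct manage_changeProperties line; the namespace
  of the instance is passed along, so 'readers' and 'propertysheets'
  resolve to this instance's own property sheet.
</dtml-comment>
<dtml-call incrementReaders>
<dtml-var standard_html_header>
  Read <dtml-var readers> times.
<dtml-var standard_html_footer>
```

After the change, verify in a browser while logged out that the manage_changeProperties URL above returns an authorization failure and that reloading the document still advances the counter by exactly one.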