[Zope] Password Conflict (Restatement)

Clemens Robbenhaar robbenhaar@espresto.com
Wed, 27 Nov 2002 02:20:52 +0100


 [...]
 > My client would like to allow anyone to whom he issues a password 
 > (which one of my scripts randomly generates on demand) the ability to 
 > run those scripts which update the site, but not do any other site 
 > updating or be able to see other aspects of the site.
 > 
 > So when a person goes to the URL he gives them, they are challenged for 
 > a password. If they supply the proper password, they should then be 
 > allowed to visit the HTML forms which execute the Python scripts which 
 > in turn update the Zope database.

 If I understand right, this kind of visitor does not need an identity;
the visitor just has to provide the proper password.

What I can think of in this context are Python scripts with Proxy
Roles.
 
 I.e. you store the valid password or set of valid passwords to trigger
the update action somewhere only accessible to someone with the "Manager"
role.

 Then you create the "update" form or the like with the password field,
whose action is a Python script, which checks if the password is valid,
and if it is, triggers the update action on the ZODB (or whatever).

 Normally this would already fail when verifying the password, as one needs
the manager role to access them, and the user has no manager role. However, you
can give the script a "proxy role" of "Manager" via the "Proxy" tab in
the ZMI. The statements in the script will then be executed as if the
current user had the manager role, and the statements should be
executed successfully.

 More about proxy roles is in the Zope book,
  http://www.zope.org/Documentation/Books/ZopeBook/current/Security.stx
section "Proxy Roles" near the bottom, in case you never ran into
them.
 These proxy roles can cause security holes; if e.g. you make an error
in the password verification allowing e.g. an empty password to verify
successfully, everybody can call the update code via this script.

hope this helps,
clemens
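
The password check that the proxy-role script depends on, as an added example that is not part of the original message and is not Zope's own code: a flawed check that accepts an empty password beside a fail-closed one. It is plain Python rather than the Zope script API; the function names, the one-password-per-line storage format and the sample passwords are assumptions constructed for illustration.

```python
import hmac

# Constructed sample: valid passwords as they might be kept in a
# Manager-only text property, one per line (hypothetical storage format).
STORED_PASSWORDS = "k3Vq9tXw\nR7mPz2Lc\n"


def check_password_flawed(submitted, stored=STORED_PASSWORDS):
    """Buggy check: 'in' on a string is a substring test, so the empty
    string and fragments such as 'k3' verify successfully."""
    return submitted in stored


def check_password(submitted, stored=STORED_PASSWORDS):
    """Fail-closed check: reject missing or empty input and accept only
    a whole stored entry, compared in constant time."""
    if not isinstance(submitted, str) or submitted == "":
        return False
    candidate = submitted.encode("utf-8")
    entries = [line.strip() for line in stored.splitlines() if line.strip()]
    ok = False
    for entry in entries:
        # Compare against every entry so timing does not depend on
        # which entry (if any) matched.
        if hmac.compare_digest(candidate, entry.encode("utf-8")):
            ok = True
    return ok


def handle_update(form, do_update, check=check_password):
    """Stand-in for the form's action script: the privileged update
    (the part that would run under the proxy role) is reached only
    after the password check has passed."""
    if not check(form.get("password")):
        return "denied"
    do_update()
    return "updated"
```

Because the script runs with the "Manager" proxy role for every caller, the check is the only gate in front of the update, so it should deny by default on anything it does not recognise.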