[Zope] Password Conflict (Restatement)

Dan Shafer dan@danshafer.com
Tue, 26 Nov 2002 17:54:30 -0800


Now *this* sounds promising. I will look into scripts with Proxy roles. 
Wow. Amazing stuff.

On Tuesday, November 26, 2002, at 05:20  PM, Clemens Robbenhaar wrote:

>
>  [...]
>> My client would like to allow anyone to whom he issues a password
>> (which one of my scripts randomly generates on demand) the ability to
>> run those scripts which update the site, but not do any other site
>> updating or be able to see other aspects of the site.
>>
>> So when a person goes to the URL he gives them, they are challenged 
>> for
>> a password. If they supply the proper password, they should then be
>> allowed to visit the HTML forms which execute the Python scripts which
>> in turn update the Zope database.
>
>  If I understand right, this kind of visitor does not need an identity,
> the visitor has just to provide the proper password.
>
> What I can think of in this context are Python scripts with Proxy
> Roles.
>
>  I.e. You store the valid password or set of valid password to trigger
> the update action somewhere only accessible to someone with "Manager"
> role.
>
>  Then You create the "update" form or the like with the password field,
> whose action is a python script, which checks if the password is valid,
> and if it is, triggers the update action on the ZODB (or whatever).
>
>  Normally this would already fail when verifying the password, as one 
> needs
> manager role to access them, and the user has no manager role. However 
> You
> can give the script a "proxy role" as "Manager" via the "Proxy" tab in
> the ZMI. The statements in the script then will be executed as if the
> current user would have a manager role, and the statements should be
> executed successfully.
>
>  More about proxy roles is in the Zope book,
>   http://www.zope.org/Documentation/Books/ZopeBook/current/Security.stx
> section "Proxy Roles" near the bottom, in case You did never run into
> them.
>  These proxy roles can cause security holes; if e.g. You make an error
> in the password verification allowing e.g. empty password to verify
> successfully, everybody can call the update code via this script.
>
> hope this helps,
> clemens
>