[Zope] maintaining consistent security settings across cloned sites

Dennis Allison allison at sumeru.stanford.EDU
Tue Aug 26 11:43:45 EDT 2003 

Paul,

Thanks for the input.  I hope it isn't too big a job...

The problem we've seen is that the security settings don't transfer with
the object.  Usually that does not matter since most security settings are 
inherited and/or acquired.  The problem lies with the few that have
something special--and inevitably that breaks something.

On Tue, 26 Aug 2003, Paul Winkler wrote:

> On Tue, Aug 26, 2003 at 10:06:34AM -0700, Dennis Allison wrote:
> > 
> > I'm looking for a tool that will help maintain security settings, having
> > been burned a couple of times.  What I need is:
> > 
> > 1. A tool to traverse a site and build a database of security settings 
> > that must be set for each of the various roles.  Ideally this would 
> > remove redundancies and, perhaps, raise warnings when settings look 
> > strange.
> > 
> > 2. A tool to apply said database to a site which is similar but, perhaps, 
> > not identical in structure--that is, some extra folders(and enclosed
> > material) might appear in one site and not in another.
> > 
> > 3. It would be nice if the security settings database could be read and
> > edited off-line so they could be reviewed and corrected as a unit.
> > 
> > 4. It has to be able to handle proxies.
> > 
> > 5. It has to be able to handle roles beyond the usual Anonymous,
> > Authorized, Manager, and Owner.  It's OK to demand that both sites have
> > the same user defined roles.
> > 
> > Anyone done anything like this?  
> 
> Not me... #2 might be handled by an item on my TODO list for ZSyncer;
> I need to be able to independently sync and examine various features of objects:
> content, contained items, properties, security settings, DublinCore metadata.  
> Also need to take all this stuff into account for comparing whether items are "in sync". 
> Also need to provide features for viewing a comparison of each of these aspects 
> (so you could see e.g. what security settings are different).
> 
> However, your requirements 1, 3, and 4 would be out-of-scope for ZSyncer.
> Also, this is probably a big job and i have no idea when i'll have anything working.
> 
> -- 
> 
> Paul Winkler
> http://www.slinkp.com
> Look! Up in the sky! It's THE RABID SATIRE!
> (random hero from isometric.spaceninja.com)
> 
> _______________________________________________
> Zope maillist  -  Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )
>

More information about the Zope mailing list