[Zope] Zope product security question

Michael R. Schwab Michael.Schwab-mail.zope.org@icantbelieveididthat.com
Tue, 11 Mar 2003 15:06:39 -0600


sean.upton@uniontrib.com wrote:
> This is a good question, and I do not know if this is the case, but I have
> seen behavior with __allow_access_to_unprotected_subobjects__ that would
> suggest that it might be (i.e. it didn't work, and out of frustration, I had
> to go about doing security declarations for my helper objects another, more
> complicated, way).
> 
> This is one place that Zope really makes it difficult to use Python code not
> initially written with Zope in mind.

I don't believe that this is the case.  The classes were written 
specifically for use with Zope.

The issue that I'm facing seems to be Zope's security model.  The ZDG's 
security guide has even specified that object properties that are basic 
Python types cannot have their permissions set via the usual 
security.declarePublic() call (this includes 'id', 'meta_type', 
'title').  These permissions can only be set either by a direct 
assignment of __allow_access_to_unprotected_subobjects__ or declaring the 
default permission via security.setDefaultAccess().

If I specify security.setDefaultAccess( 'deny' ), Zope disallows access 
to object properties such as 'id'.  For example, I am unable to view the 
'id' of my product with the following DTML method:

<standrad>
<h2>Test</h2>
<pre><dtml-var id></pre>

I don't want to specify security.setDefaultAccess( 'allow' ) as this 
would allow access to mutable types within my product from scripts and 
defeats the purpose of setting a strict default security policy.

If anyone has any suggestions, I'd like to hear them...

Michael

> Sean
> 
> -----Original Message-----
> From: Michael R. Schwab
> [mailto:Michael.Schwab-mail.zope.org@icantbelieveididthat.com]
> Sent: Tuesday, March 11, 2003 8:49 AM
> To: zope@zope.org
> Subject: Re: [Zope] Zope product security question
> 
> 
> Paul Winkler wrote:
> 
>>On Mon, Mar 10, 2003 at 03:33:18PM -0600, Michael R. Schwab wrote:
> 
> 
> (snip)
> 
> 
>>>The second method seems to be the newest and most logical approach.
>>>The exception being that the default security access to 'deny' does
>>>not permit me to access attributes from my class that are basic Python
>>>types such as strings (e.g. meta_type from a DTML Method).  I could
>>>declare the default security access to 'allow', but that seems
>>>inherently dangerous from a security standpoint.
>>
>>I think what you're looking for is
>>__allow_access_to_unprotected_subobjects__ = 1
> 
> 
> Having dug a little further into the bowels of Zope, I don't believe 
> that this will work, even if I had wanted to use it.
> 
> Setting __allow_access_to_unprotected_subobjects__ to 1 would be 
> overridden by Globals.InitializeClass.
> 
> In Globals.InitializeClass, there is a check to determine what the 
> default access policy is set to ('allow' or 'deny' via the 
> security.setDefaultAccess() call).  If the default access has been set, 
> __allow_access_to_unprotected_subobjects__ is assigned the value of 
> default access ('deny' == 0 and 'allow' == 1).
> 
> Am I off the mark here?
> 
> 
>>or, just make declarations on specific attributes:
>>
>>security.declarePublic('meta_type')
>>self.meta_type = "blah"
> 
> 
> Thanks,
> Michael
> 
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )
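
Added example (not part of the original messages and not Zope source code): a simplified stand-alone model of the behaviour described in the thread, where a declared default access replaces a hand-assigned __allow_access_to_unprotected_subobjects__ and that one class-wide flag then decides access to every undeclared attribute, simple or mutable. SecurityInfoModel, initialize_class_model, may_access and build_product are hypothetical stand-ins, and the fallback rule in may_access is an assumption taken from the thread's description.

```python
# Model of the override described in the thread. Not Zope code: every name
# except the flag itself is a hypothetical stand-in.
FLAG = "__allow_access_to_unprotected_subobjects__"


class SecurityInfoModel:
    """Stand-in for the object that records security.setDefaultAccess()."""

    def __init__(self):
        self.default_access = None  # None: setDefaultAccess() was never called

    def setDefaultAccess(self, access):
        self.default_access = {"allow": 1, "deny": 0}[access.lower()]


def initialize_class_model(cls):
    """Model of the step attributed to Globals.InitializeClass: if a default
    access was declared, it overwrites whatever the class assigned to FLAG."""
    if cls.security.default_access is not None:
        setattr(cls, FLAG, cls.security.default_access)
    return cls


def may_access(obj, name):
    """Assumed rule: an attribute with no declaration of its own is reachable
    only if the class-wide flag is true. The flag cannot tell 'id' from a list."""
    getattr(obj, name)  # raise AttributeError for names that do not exist
    return bool(getattr(type(obj), FLAG, 0))


def build_product(default=None, manual_flag=None):
    """Build a constructed product with a string 'id' and a mutable 'items'."""
    security = SecurityInfoModel()
    if default is not None:
        security.setDefaultAccess(default)
    attrs = {"security": security, "id": "my_product", "items": []}
    if manual_flag is not None:
        attrs[FLAG] = manual_flag  # the direct assignment suggested in the thread
    return initialize_class_model(type("Product", (), attrs))()


def run_cases():
    cases = {
        "manual=1, default deny": build_product("deny", 1),
        "manual=1, no default": build_product(None, 1),
        "default allow": build_product("allow"),
    }
    # Each result is (may read 'id', may read mutable 'items').
    return {label: (may_access(p, "id"), may_access(p, "items"))
            for label, p in cases.items()}
```

In this model the flag is all-or-nothing: the deny case hides 'id' along with 'items', and either way of turning the flag on exposes the mutable list together with the string.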