[Zope] calling scripts from scripts and permission
massimop at users.berlios.de
massimop at users.berlios.de
Thu Nov 25 14:18:19 EST 2004
Il giorno gio, 25-11-2004 alle 20:02 +0100, Robert Rottermann ha
scritto:
> Massimo,
> there are two things to consider.
> The rights of the first script which is manager and should therefore be
> enough for what ever you want to do.
> BUT:
> the maximum rights it can acquire when running the second script are the
> ones the owner of that script has.
> To avoid cross scripting attacks a script will always run with the
> rights of the script owner.
> Otherwise you could try to trick some manager to execute a malicious
> script you do not have enough credentials to run.
>
> Robert
>
thanks for your answer
unfortunately both the scripts are owned by Manager...
still no clue
thanks
massimo
More information about the Zope
mailing list