[Zope] Fundamentals of Zope Security

Edward Pollard pollej at uleth.ca
Fri Sep 17 13:26:04 EDT 2004


Hello all,

Simple problem: a password change form.

The form is a page template. It submits to another page template. This 
page template calls a python script that changes your password in LDAP 
(via external methods). I'm leaving off quite a bit, here, of course.

How can I secure the python scripts so that clever users cannot 
arbitrarily execute them?

I realize that its a big question, but I'm thinking I need to 
fundamentally shift some of my own paradigms, and I'd appreciate all 
input on the subject.

Thanks,

---
Edward J. Pollard, B.Sc
Webmaster, University of Lethbridge



More information about the Zope mailing list