[Zope] Re: External Methods, Proxy Roles, and Executable Security
Dieter Maurer
dieter at handshake.de
Wed Nov 23 15:01:26 EST 2005
Tres Seaver wrote at 2005-11-22 16:51 -0500:
> ...
>The actual problem here is a confusion of "authorization" with
>"containment constraints": the CopySupport code is using a single check
>to test both, which makes it impossible to do the Right Thing (TM):
>either the proxy roles should be taken into account, in which case the
>containment constraint may be violated, or they shouldn't, in which case
>a proxy-role-granted script cannot be used to perform a "controlled"
>paste which would otherwise not be authorized.
Not sure that I follow you:
In my view, "all_meta_types" can be used to enforce
"containment constraints". "CopySupport" handles this
in a perfect fashion.
After this "containment constraints" check, it
checks that the copying/moving/renaming user has the
right to add the object in the destination folder
(in fact, it checks that the creating action can be traversed to,
which is a bit different and fails when the action contains a
query string).
Modern versions take proxy roles into account.
The problem is that trusted code lacks a means to
set proxy roles -- thus, it cannot do what untrusted
code with appropriate proxy roles can.
--
Dieter