[Zope] Page Template security problem
Chris Beaven
chris at d-designz.co.nz
Tue Sep 27 00:54:05 EDT 2005
I'm having a problem figuring out how to keep things secure while
allowing a proxied script to call a page template correctly.
/details/sendDetails
Python script that is publicly available, receives an email address and
sends that person thier details stored in the database.
The script has proxy rights of "Administrator".
/admin/person/emaildetails.htm
Page template that is secured (admin folder is Administrator only for
"view" and "access contents information").
The anonymous user is prompted for authentication.
If I change emaildetails.htm to a simple "test" text file it works, the
problem seems to lie when the template tries to access any script from
the context. I tried to give those scripts proxy rights too but that had
no effect.
Am I going about this the wrong way, is there something I missed, or am
I just going to have to revert to rewriting the whole details.htm as DTML?
More information about the Zope
mailing list