[Zope] Re: Acquisition, UserFolder and security

bruno modulix bruno at modulix.org
Fri Sep 30 09:11:56 EDT 2005


Tres Seaver wrote:
> bruno modulix wrote:
> 
> 
>>>Dieter, I didn't misunderstand your proposed solution. But some users
>>>exist in different CPMs with different roles in each CPM. So - unless
>>>I'm totally at a loss with how Zope's security works - if User1 has role
>>>RoleWithMuchPrivileges in Cpm1 and role RoleWithFewPrivileges in Cpm2,
>>>he could gain RoleWithMuchPrivileges in Cpm2 just by using a faked URL
>>>cpm1/cpm2/whatever_he_should_not_access_here. Worse, anyone existing in
>>>any CPM could gain access to any other CPM just by faking the URL.
> 
> 
> The Zope security machinery goes out of its way to prevent such an
> exploit:  

Which one? I have the case where authentication happens in the context,
not containment, i.e. given two sibling folders fa and fb, each with its
own acl_user, if UserA exists in fa['acl_users'] and not in
fb['acl_users'], then UserA is still authenticated in fb when accessing
it through fa/fb (while he is not when accessing fb directly).

> essentially, it considers only "containment" acquisition when
> evaluating roles, etc.

I wasn't very sure about this. If I understand correctly, this means
that authentication can come from an acl_user acquired by context (this
is what I've experimented), but that roles/permission lookup will only
happen in the containment hierarchy?

-- 
Bruno Desthuilliers
Developer
bruno at modulix.org
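
The distinction discussed in this message, as an added example that is not part of the original post and is not Zope's own code: a simplified model in which the same object has a context chain (the folders the URL walked through) and a containment chain (where it is actually stored). The `Folder` class, the `grants` mapping and the helper names are assumptions made for illustration; the folder, user and role names are the ones used in the thread.

```python
# Simplified model, constructed for illustration; not Zope's Acquisition code.
class Folder:
    def __init__(self, name, container=None):
        self.name, self.container = name, container  # container = containment parent
        self.children, self.grants = {}, {}          # grants: user id -> set of roles
        if container is not None:
            container.children[name] = self

def traverse(root, path):
    """Resolve a URL path; return the context chain (every step walked, root first)."""
    chain = [root]
    for name in path.strip("/").split("/"):
        # Acquisition: a name missing from the current folder is looked up
        # in the folders already walked through, nearest first.
        for step in reversed(chain):
            if name in step.children:
                chain.append(step.children[name])
                break
        else:
            raise KeyError(name)
    return chain

def containment_chain(obj):
    """Where the object is actually stored: obj, its container, ... up to the root."""
    chain = []
    while obj is not None:
        chain.append(obj)
        obj = obj.container
    return chain

def roles_from(user, folders):
    """Union of the roles granted to user in the given folders."""
    roles = set()
    for folder in folders:
        roles |= folder.grants.get(user, set())
    return roles

def demo():
    root = Folder("root")
    cpm1, cpm2 = Folder("cpm1", root), Folder("cpm2", root)
    cpm1.grants["User1"] = {"RoleWithMuchPrivileges"}
    cpm2.grants["User1"] = {"RoleWithFewPrivileges"}
    context = traverse(root, "cpm1/cpm2/")   # URL shape from the quoted message
    target = context[-1]
    by_context = roles_from("User1", context)                        # depends on URL
    by_containment = roles_from("User1", containment_chain(target))  # URL-independent
    return [f.name for f in context], by_context, by_containment

if __name__ == "__main__":
    print(demo())
```

A role lookup that follows the context chain picks up whatever the URL passed through, while one that follows containment gives the same answer for `cpm2` however it was reached.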

