[Zope] Acquisition, UserFolder and security

Dieter Maurer dieter at handshake.de
Fri Sep 30 13:11:18 EDT 2005


bruno modulix wrote at 2005-9-30 09:38 +0200:
> ...
>Dieter, I didn't misunderstand your proposed solution. But some users
>exist in different CPMs with different roles in each CPM. So - unless
>I'm totally at lost with how Zope's security works - if User1 has role
>RoleWithMuchPrivileges in Cpm1 and role RoleWithFewPrivileges in Cpm2,
>he could gain RoleWithMuchPrivileges in Cpm2 just by using a faked URL
>cpm1/cpm2/whatever_he_should_not_access_here. Worse, anyone existing in
>any CPM could gain access to any other CPM just by faking the URL.

In fact, this should not be the case:

  The user comes from some user folder and gets the roles
  associated with it in that user folder.

  Due to acquisition fakes the authorizing user folder may
  not be the one adequate for the object being accessed.

  However, part of the access check is the verification
  that the object is governed by the authorizing user folder
  (this means the object must be at or below the folder
  containing the authorizing user folder). If this verification
  fails and the access was protected in the first place,
  then access will be denied.

  Thus, acquisition fakes should not be able to give a user
  higher privileges on an object than it would get by
  a user folder which governs the object.

Summary:
  Only your "Portal" user folder can give "CPM" privileges
  higher than those granted by the "CPM" user folder.
  User folders of other "CPM"s cannot do this.

-- 
Dieter
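A small executable model of the containment check described in the message, added here as an example; it is not Zope's own code. The Folder class, the acl_users folders, the user and role names, the "secret" document and its required roles are all constructed for illustration. In Zope 2 the real check is BasicUser._check_context, which asks aq_inContextOf whether the container of the authorizing user folder lies on the object's inner (containment) chain; the model below reproduces that logic and the outward walk over user folders that BaseRequest.traverse performs.

```python
# Added example: model of "the object must be at or below the folder containing
# the authorizing user folder". Not Zope code; all names are constructed.
from typing import Dict, List, Optional, Tuple


class Folder:
    """Containment-tree node. `parent` is physical containment (what Zope's
    aq_inner chain reflects); `users` is non-empty only on a user folder."""

    def __init__(self, name: str, parent: Optional["Folder"] = None,
                 required_roles: Optional[List[str]] = None):
        self.name = name
        self.parent = parent
        self.children: Dict[str, "Folder"] = {}
        self.users: Dict[str, List[str]] = {}        # user -> roles (user folders)
        self.required_roles = required_roles or []   # roles allowed to view this
        if parent is not None:
            parent.children[name] = self

    def add_user_folder(self, users: Dict[str, List[str]]) -> "Folder":
        uf = Folder("acl_users", self)
        uf.users = users
        return uf

    def inner_chain(self) -> List["Folder"]:
        """Physical containment from the object up to the root."""
        chain, node = [], self
        while node is not None:
            chain.append(node)
            node = node.parent
        return chain


def path(node: Folder) -> str:
    return "/".join(n.name for n in reversed(node.inner_chain()))


def traverse(root: Folder, url: str) -> List[Folder]:
    """URL traversal with acquisition: a segment missing from the current folder
    is looked up in the folders already on the path, innermost first. Returns
    the acquisition chain with the target object first."""
    chain = [root]
    for segment in url.strip("/").split("/"):
        for ctx in reversed(chain):
            if segment in ctx.children:
                chain.append(ctx.children[segment])
                break
        else:
            raise KeyError(f"not found: {segment}")
    return list(reversed(chain))


def in_context_of(obj: Folder, context: Folder) -> bool:
    """The check from the message: obj must physically sit at or below context."""
    return context in obj.inner_chain()


def validate(root: Folder, url: str, user: str) -> Tuple[Optional[str], str]:
    """Walk the acquisition chain outward and try each user folder. A folder that
    authenticates the user but grants no sufficient role, or whose container
    does not contain the target, is skipped. Returns (authorizing folder, why)."""
    chain = traverse(root, url)
    target = chain[0]
    for ctx in chain:
        uf = ctx.children.get("acl_users")
        if uf is None or user not in uf.users:
            continue
        roles = uf.users[user]
        if not set(roles) & set(target.required_roles):
            continue  # authenticated here, but no role grants access
        if not in_context_of(target, uf.parent):
            continue  # acquisition fake: this user folder does not govern target
        return path(uf), f"granted via {path(uf)} with roles {roles}"
    return None, "denied"


def build_site() -> Folder:
    """Constructed site: portal/{cpm1,cpm2}, each with its own acl_users."""
    root = Folder("")
    portal = Folder("portal", root)
    portal.add_user_folder({"admin": ["Manager"]})
    cpm1 = Folder("cpm1", portal)
    cpm1.add_user_folder({"user1": ["RoleWithMuchPrivileges"],
                          "user3": ["RoleWithMuchPrivileges"]})
    cpm2 = Folder("cpm2", portal)
    cpm2.add_user_folder({"user1": ["RoleWithFewPrivileges"]})
    Folder("secret", cpm2, required_roles=["RoleWithMuchPrivileges", "Manager"])
    return root


if __name__ == "__main__":
    site = build_site()
    for u in ("user1", "user3", "admin"):
        print(u, "portal/cpm1/cpm2/secret ->", validate(site, "portal/cpm1/cpm2/secret", u)[1])
```

The faked URL portal/cpm1/cpm2/secret really does reach cpm2's document, and cpm1's user folder really does authenticate user1 with RoleWithMuchPrivileges; what fails is the context check, because cpm1 is not on the inner chain of cpm2/secret. Only the portal-level user folder, whose container contains the document, can grant more than cpm2's own user folder does. Note that Zope's real check is only meaningful for acquisition-wrapped objects, and that the model ignores everything else in a real access check (permission-to-role mappings, local roles, the Anonymous role).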