[Zope] Anonymous security

Brian Sullivan briansullivan at gmail.com
Fri Dec 17 14:00:10 EST 2010


I am looking at a situation (an online self registry process) where I
want to allow a user that is not logged in to be able to create a user
 and do a number of other functions normally reserved for and
restricted to logged in users with a fairly elevated rights. I need to
perform these functions from a Python script.

What is the best strategy for doing this? I am thinking that creating
a separate python script that has elevated rights and allowing
Anonymous access to it and calling it from a script that does not have
elevated rights is the best strategy to manage it. Am I creating a
huge security hole by doing this?


More information about the Zope mailing list