[Zope] Anonymous security

Andreas Jung lists at zopyx.com
Sat Dec 18 02:10:48 EST 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://collective-docs.plone.org/security/permissions.html#bypassing-permission-checks

(works only from trusted code like browser views or package code - not
from PythonScripts)

- -aj

Brian Sullivan wrote:
> I am looking at a situation (an online self registry process) where I
> want to allow a user that is not logged in to be able to create a user
>  and do a number of other functions normally reserved for and
> restricted to logged in users with a fairly elevated rights. I need to
> perform these functions from a Python script.
> 
> What is the best strategy for doing this? I am thinking that creating
> a separate python script that has elevated rights and allowing
> Anonymous access to it and calling it from a script that does not have
> elevated rights is the best strategy to manage it. Am I creating a
> huge security hole by doing this?
> _______________________________________________
> Zope maillist  -  Zope at zope.org
> https://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  https://mail.zope.org/mailman/listinfo/zope-announce
>  https://mail.zope.org/mailman/listinfo/zope-dev )


- -- 
ZOPYX Limited           | zopyx group
Charlottenstr. 37/1     | The full-service network for Zope & Plone
D-72070 Tübingen        | Produce & Publish
www.zopyx.com           | www.produce-and-publish.com
- ------------------------------------------------------------------------
E-Publishing, Python, Zope & Plone development, Consulting


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQGUBAEBAgAGBQJNDF54AAoJEADcfz7u4AZjP3ALv3Wf/qV13mgyzFz3Stm81tYg
PMe2v/mj2eYfLFXuPR4LhTnickMfRJJNdD/LYwOdK6GLgvh307GkM/0mrCrpeHoO
pIizuTuYhsl5ITdaUF3R+VcHlRmIZsNrYIEummmNAQjMW0hLA3XEefv9KvlV+P53
q6rzHq4n9T4JkKBh/QX0KiMVZOHeRjV1AnC3hXyqhbZCd8/pCgJDVsecbEBWlFrj
izDhb6q+THHsjzRTbKzljnXJw8/he8TeCbN8cmjrlAVW5UhO/AIRQ2ikPh2GybAl
pUSRuHux78+WRaw4av1WG+XBWVS1uZNmJnsNFPNr8NY7OE7hvSBttZTVzWmf9VyT
jHWkpNKRROd83mpfZuHh3m9Ei6v5AvCFzr5Lt1O/M4bH4Rki8aqRqyzDy9fYEIW1
+CAhxUN511v2zSmcpmLClhkErZQP3qp0uXi+TIAj+/tbrXs8I7/fOlo/VWXMzxNy
XM85seHdMYlWgsRbX/sVJKn5NOpqLsk=
=UTd0
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lists.vcf
Type: text/x-vcard
Size: 316 bytes
Desc: not available
Url : http://mail.zope.org/pipermail/zope/attachments/20101218/1aae8e2b/attachment.vcf 


More information about the Zope mailing list