[Zope] Anonymous security
Andreas Jung
lists at zopyx.com
Sat Dec 18 02:10:48 EST 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
http://collective-docs.plone.org/security/permissions.html#bypassing-permission-checks
(works only from trusted code like browser views or package code - not
from PythonScripts)
- -aj
Brian Sullivan wrote:
> I am looking at a situation (an online self registry process) where I
> want to allow a user that is not logged in to be able to create a user
> and do a number of other functions normally reserved for and
> restricted to logged in users with a fairly elevated rights. I need to
> perform these functions from a Python script.
>
> What is the best strategy for doing this? I am thinking that creating
> a separate python script that has elevated rights and allowing
> Anonymous access to it and calling it from a script that does not have
> elevated rights is the best strategy to manage it. Am I creating a
> huge security hole by doing this?
> _______________________________________________
> Zope maillist - Zope at zope.org
> https://mail.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> https://mail.zope.org/mailman/listinfo/zope-announce
> https://mail.zope.org/mailman/listinfo/zope-dev )
- --
ZOPYX Limited | zopyx group
Charlottenstr. 37/1 | The full-service network for Zope & Plone
D-72070 Tübingen | Produce & Publish
www.zopyx.com | www.produce-and-publish.com
- ------------------------------------------------------------------------
E-Publishing, Python, Zope & Plone development, Consulting
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQGUBAEBAgAGBQJNDF54AAoJEADcfz7u4AZjP3ALv3Wf/qV13mgyzFz3Stm81tYg
PMe2v/mj2eYfLFXuPR4LhTnickMfRJJNdD/LYwOdK6GLgvh307GkM/0mrCrpeHoO
pIizuTuYhsl5ITdaUF3R+VcHlRmIZsNrYIEummmNAQjMW0hLA3XEefv9KvlV+P53
q6rzHq4n9T4JkKBh/QX0KiMVZOHeRjV1AnC3hXyqhbZCd8/pCgJDVsecbEBWlFrj
izDhb6q+THHsjzRTbKzljnXJw8/he8TeCbN8cmjrlAVW5UhO/AIRQ2ikPh2GybAl
pUSRuHux78+WRaw4av1WG+XBWVS1uZNmJnsNFPNr8NY7OE7hvSBttZTVzWmf9VyT
jHWkpNKRROd83mpfZuHh3m9Ei6v5AvCFzr5Lt1O/M4bH4Rki8aqRqyzDy9fYEIW1
+CAhxUN511v2zSmcpmLClhkErZQP3qp0uXi+TIAj+/tbrXs8I7/fOlo/VWXMzxNy
XM85seHdMYlWgsRbX/sVJKn5NOpqLsk=
=UTd0
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lists.vcf
Type: text/x-vcard
Size: 316 bytes
Desc: not available
Url : http://mail.zope.org/pipermail/zope/attachments/20101218/1aae8e2b/attachment.vcf
More information about the Zope
mailing list