[Zope] Anonymous security

Bart Jansen bart.jansen at esac.climbing.nl
Sat Dec 18 10:42:31 EST 2010


Hi all,

When I face a situation like Brian describes I am used to using Proxy
roles on the publicly available script to give it permission to do the
restricted actions. Is that a good approach or should I not use this?

One of the difficulties when using Proxy roles is that they do not
propagate to the scripts/methods being called by the script that has the
Proxy roles set.

Regards, Bart

PS. I'm new on the mailing list. My name is Bart Jansen and in my spare
time I manage a couple of Zope2 sites for non-profit student sports
clubs in the Netherlands.

On 18-12-2010 8:10, Andreas Jung wrote:
> http://collective-docs.plone.org/security/permissions.html#bypassing-permission-checks
> 
> (works only from trusted code like browser views or package code - not
> from PythonScripts)
> 
> -aj
> 
> Brian Sullivan wrote:
>> I am looking at a situation (an online self registry process) where I
>> want to allow a user that is not logged in to be able to create a user
>> and do a number of other functions normally reserved for and
>> restricted to logged in users with fairly elevated rights. I need to
>> perform these functions from a Python script.
> 
>> What is the best strategy for doing this? I am thinking that creating
>> a separate python script that has elevated rights and allowing
>> Anonymous access to it and calling it from a script that does not have
>> elevated rights is the best strategy to manage it. Am I creating a
>> huge security hole by doing this?
>> _______________________________________________
>> Zope maillist  -  Zope at zope.org
>> https://mail.zope.org/mailman/listinfo/zope
>> **   No cross posts or HTML encoding!  **
>> (Related lists - 
>>  https://mail.zope.org/mailman/listinfo/zope-announce
>>  https://mail.zope.org/mailman/listinfo/zope-dev )
> 
> 


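Added example, not part of the original messages and not Zope's own code: a simplified Python model of the behaviour Bart describes, where proxy roles are read only from the innermost running script, so a helper called by the proxied script falls back to the Anonymous visitor's roles. All class and function names are hypothetical, and the check Zope also makes on the script owner is left out.

```python
# Simplified model of the proxy-role lookup; names are hypothetical.
class Unauthorized(Exception):
    """Raised when the effective roles do not satisfy a check."""

class Script:
    def __init__(self, name, body, proxy_roles=()):
        self.name, self.body = name, body
        self.proxy_roles = tuple(proxy_roles)

class SecurityContext:
    def __init__(self, user_roles):
        self.user_roles = tuple(user_roles)
        self.stack = []  # running scripts, innermost last

    def check(self, required_roles):
        top = self.stack[-1] if self.stack else None
        # Only the innermost script is consulted. Its proxy roles replace
        # the visitor's roles; the callers' proxy roles are never looked at.
        if top is not None and top.proxy_roles:
            effective = top.proxy_roles
        else:
            effective = self.user_roles
        if not set(effective) & set(required_roles):
            raise Unauthorized("%s lacks %r" % (top.name if top else "request", required_roles))

    def call(self, script, *args):
        self.stack.append(script)
        try:
            return script.body(self, *args)
        finally:
            self.stack.pop()

def add_member(ctx, login):
    ctx.check(("Manager",))  # stands in for a Manager-only operation
    return "created %s" % login

def run_registration(helper_proxy_roles):
    # Public script with proxy role Manager, calling a helper script.
    helper = Script("create_user", add_member, helper_proxy_roles)
    public = Script("register", lambda ctx, login: ctx.call(helper, login), ("Manager",))
    ctx = SecurityContext(("Anonymous",))
    try:
        return ctx.call(public, "alice")
    except Unauthorized:
        return "Unauthorized"

if __name__ == "__main__":
    print(run_registration(()))            # helper without proxy roles
    print(run_registration(("Manager",)))  # helper with its own proxy role
```

In this model the restricted call succeeds only when the script that performs it carries the proxy role itself, which is why each helper in such a chain needs its own review of what it exposes to Anonymous callers.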