[ZPT] No proxy roles in page templates? What do I do then?
Dieter Maurer
dieter@handshake.de
Thu, 27 Sep 2001 09:33:52 +0200 (CEST)
R. David Murray writes:
> On Wed, 26 Sep 2001, Itai Tavor wrote:
> > If you mean that the PT will call a script which has proxy roles,
> > that wouldn't help at all IMO, because the script will need to be
> > publicly accessible, opening a security hole.
> >
> > I want to ensure that certain object interface methods are only
> > called by authorized methods, and are not accessible TTW nor by DTML
> > or PT methods written by other Zope users. So I protect those
>
> I fail to see a security difference between having a publicly accessible
> Template with a proxy Manager role and having a publicly accessible
> script with a proxy Manager role. In either case you control what
> is accepted as input and don't control what is done with the output
> (though granted it is harder to prize the info out of the results
> returned by the template).
>
> Maybe I'm just missing something, though...

I agree with you!

Furthermore, while difficult, it is possible to prevent
the script from being directly called from the Web.
You give the object an "index_html" attribute
returning a page "Not allowed to be used via Web"
or raising an exception.
I posted corresponding code to the mailing list (I hope, at least...).
We should lobby the Zope developers to make this easier.
Dieter
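
The index_html guard described in the message above, as an added example that is not part of the original post and is not Zope's own code. It is a simplified model of URL publishing in which a default method named index_html, when present, is published instead of the object itself; the names GuardedScript, publish, web_allowed and SITE are hypothetical.

```python
# Simplified model of URL publishing, written for this example.
# It is not ZPublisher code; class and function names are hypothetical.

class Forbidden(Exception):
    """Raised when an object must not be published over the web."""


class GuardedScript:
    """Stands in for a script with a proxy role that templates may call."""

    def __call__(self, account):
        # Privileged work happens here when a template calls the script.
        return "balance for %s" % account

    def index_html(self, *args, **kw):
        # The guard from the message: the web entry point always refuses.
        raise Forbidden("Not allowed to be used via Web")


def publish(root, url_path, **form):
    """Resolve url_path from root and call the result as a publisher would."""
    obj = root
    for name in filter(None, url_path.split("/")):
        if name.startswith("_"):
            # Underscore names are never traversable from a URL.
            raise Forbidden(name)
        obj = obj[name] if isinstance(obj, dict) else getattr(obj, name)
    # At the end of the path a default method, if present, is published
    # instead of the object itself. This is what the guard relies on.
    default = getattr(obj, "index_html", None)
    if default is not None:
        obj = default
    return obj(**form)


def web_allowed(root, url_path, **form):
    """Return True if the request is served, False if it is refused."""
    try:
        publish(root, url_path, **form)
        return True
    except Forbidden:
        return False


# Constructed sample site: one guarded script, one without the guard.
SITE = {"get_balance": GuardedScript(),
        "unguarded": lambda account: "balance for %s" % account}
```

A direct in-process call such as `SITE["get_balance"]("alice")` still returns the result, which is the path a template would use, while every URL form of the guarded script is refused.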