[ZPT] How are you ZPT users securing your interfaces?
Kevin Gill
Kevin.Gill at newaddress.ie
Tue Feb 1 15:19:25 EST 2005
I know this has come up before, but I cannot see a solution to the problem
in the archives.
I have a Zope application written using Page Templates (Presentation
Templates?) to interface to the user. I cannot see how to prevent a
malicious visitor from by-passing the Template and accessing the python
scripts and ZSQL methods behind it.
In the DTML world I can use proxy roles to achieve this, but proxy roles
have been specifically and deliberately omitted from the Template
implementation in Zope. I cannot find any documentation describing why they
were omitted (I presume that they create other problems for the ZPT
developers), or how to secure your system using ZPT.
I can think of the following options only (none are practical):
1. Use DTML for security
2. Put a layer in python in front of the Presentation layer
3. Ignore Security
How are you ZPT users securing your interfaces?
More information about the ZPT
mailing list