[ZPT] How are you ZPT users securing your interfaces?

Kevin Gill Kevin.Gill at newaddress.ie
Tue Feb 1 15:19:25 EST 2005


I know this has come up before, but I cannot see a solution to the problem 
in the archives.

I have a Zope application written using Page Templates (Presentation 
Templates?) to interface to the user. I cannot see how to prevent a 
malicious visitor from bypassing the Template and accessing the Python 
scripts and ZSQL methods behind it.

In the DTML world I can use proxy roles to achieve this, but proxy roles 
have been specifically and deliberately omitted from the Template 
implementation in Zope. I cannot find any documentation describing why they 
were omitted (I presume that they create other problems for the ZPT 
developers), or how to secure your system using ZPT.

I can think of the following options only (none are practical):

    1. Use DTML for security
    2. Put a layer in Python in front of the Presentation layer
    3. Ignore Security

How are you ZPT users securing your interfaces? 


