[ZDP] BackTalk to Document The Zope Book (2.5 Edition)/Users and Security
Mon, 23 Sep 2002 20:14:22 -0400
A comment to the paragraph below was recently added via http://www.zope.org/Documentation/Books/ZopeBook/current/Security.stx#3-103
Zope offers some protection from this kind of Trojan horse. Zope
helps protect your site from server-side to Trojan attacks by
limiting the power of web resources based on who authored them.
If an untrusted user authors a web page, then the power of the
web pages to do harm to unsuspecting visitors will be
limited. For example, suppose an untrusted user creates a DTML
document or Python script that deletes all the pages in your
site. If they attempt to view the page, it will fail since they
do not have adequate permissions. If a manager views the page,
it will also fail, even though the manager does have adequate
permissions to perform the dangerous action.
% Anonymous User - Sep. 23, 2002 8:14 pm: