[Zope-CMF] security mechanism

Tres Seaver tseaver at zope.com
Tue Oct 21 07:33:12 EDT 2003


On Tue, 2003-10-21 at 05:58, Mirto Silvio Busico wrote:

> I have a problem with the security mechanism of zope 2.6.1

Your question is off-topic for the zope-cmf list;  it is on-topic for
the "zope at zope.org" list, however.

> I need to call the function os.popen4 in order to execute an external 
> command.
> 
> I inserted the call in a python script, but I receive alwais the login 
> popup window.
> No user is enabled to receive the authorization.

"Through-the-web" code (PythonScripts, PageTemplates,
DTML{Document,Method}s is "untrusted" in Zope, and hence has no access
either to the filesystem or to operating system calls such os
'os.popen4'.  You need access to filesystem-based code (ExternalMethods,
Python products) to get such access.  
> 
> P.S. I ve found nothing useful in the zope book, in the administrator 
> manual end searching in zope labs

From
http://zope.org/Documentation/Books/ZopeBook/2_6Edition/BasicObject.stx

-------------------------------------
Script (Python) Objects

Script (Python) objects are one kind of logic object. Note that the
torturous form of their name (as opposed to "Python Script") is
unfortunate: a legal issue prevents Zope Corporation from naming them
"Python Scripts", but most folks at Zope Corporation and in the Zope
community refer to them in conversation as just that.

Script (Python) objects are "security-constrained" web-editable pieces
of code that are written in a subset of the Python scripting language.
Not all Python code is executable via a Script (Python) object. Script
(Python) objects are constrained by Zope's security policy, which means,
for the most part, that they are unable to import all but a set of
restricted Python "modules", and they cannot directly access files on
your filesystem. This is actually a "feature", as it allows site
administrators to safely delegate the ability to create logic in Python
to "untrusted" or "semi-trusted" users. For more information about
Zope's security features, see Users and Security.


External Methods

External Methods objects are another kind of logic object. They are very
similar to Script (Python) objects. They are scripted in the Python
programming language, and they are used for the same purpose. The have a
few important differences:

 - They are not editable using the Zope Management Interface. Instead,
   External Methods "modules" need to be created on the filesystem of
   your Zope server in a special subdirectory of your Zope directory
   named Extensions.

 - Because they are not editable via the Zope Management Interface,
   their execution is not constrained by the Zope "security machinery".
This means that unlike Script (Python) objects, they can import
   and execute essentially arbitrary Python code and access files on
   your Zope server's file system.

 - They do not support the concept of "bindings" (which we have not
   discussed much, but please just make note for now).

External methods are often useful as an "escape hatch" when Zope's
security policy prevents you from using a Script (Python) or DTML to do
a particular job that requires more access than is "safe" in
through-the-web-editable scripts. For example, a Script (Python) cannot
write to files on your server's filesystem, while an External Method
may.

-----------------------------

BTW, your signature trailer is both pointless and hostile in mail
requesting help from a public mailing list;  if you can find a way to
strip it, please do.

Tres.
-- 
===============================================================
Tres Seaver                                tseaver at zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com




More information about the Zope-CMF mailing list