[Zope-dev] Security validation issue
Herman Geldenhuys
hgeldenhuys at gims.com
Fri Jan 30 04:15:32 EST 2004
Hi
> Herman Geldenhuys wrote:
>
> > I've written a Zope product that exposes a "MenuItem". I add a menuItem
> > in a Zope folder, and I have no difficulty accessing and editing it via
> > the ZMI. I've written an xml-rpc-like protocol for Zope, that basically
> > validates the security "manually".
>
> What do you mean by "manually"?
By manually I mean that I have to do the validation myself. I have written a
new protocol that plugs into the Zope application server. It's called OZE
and I am about to release the source on sourceforge. Its an RPC-like
protocol. But in a nutshell, I must do the security validation myself,
because I bypass a few usual-Zope elements in the framework.
I will gladly answer any other questions, but will this satisfy for now?
H
----- Original Message -----
From: "Chris Withers" <chris at simplistix.co.uk>
To: "Herman Geldenhuys" <hgeldenhuys at gims.com>
Cc: <zope-dev at zope.org>
Sent: Friday, January 30, 2004 10:48 AM
Subject: Re: [Zope-dev] Security validation issue
> Herman Geldenhuys wrote:
>
> > I've written a Zope product that exposes a "MenuItem". I add a menuItem
> > in a Zope folder, and I have no difficulty accessing and editing it via
> > the ZMI. I've written an xml-rpc-like protocol for Zope, that basically
> > validates the security "manually".
>
> What do you mean by "manually"?
>
> > This code works for any other default Zope type, but not mine. Did I
> > perhaps forgot a permission or something?
>
> Did you do security declarations for that method?
>
> > I can access this fine via the ZMI, but when I validate it this way,
> > python just starts cursing at me.
>
> Why are you doing you own validation? ;-)
>
> cheers,
>
> Chris
>
More information about the Zope-Dev
mailing list