[Zope] Newbie Security Query

Kevin Dangoor kid@kendermedia.com
Mon, 7 Feb 2000 12:32:03 -0500 

----- Original Message -----
From: "Chris Withers" <chrisw@nipltd.com>
To: "Zope Mailing List" <zope@zope.org>
Sent: Monday, February 07, 2000 11:37 AM
Subject: Re: [Zope] Newbie Security Query


> > There's nothing *very* bad that can be executed without permission.
> > "objectIds" is questionable.
>
> Okay, now I'm getting nervous... what not-so-bad things can you do?!
> (going to http://www.zope.org/text_content brought up a very disturbing
> screen...)

I didn't mean to scare you. I have confidence in Zope's security and what an
anonymous person can and can't do. When I said there's "nothing *very* bad",
I meant that not everyone would prefer if something like "objectIds" works
as it does. But, in truth, it's not really a security hazard. You should
just be aware that "security through obscurity" (trying to make methods that
are secure just because they have difficult to guess names) definitely is
not a good way to go.

As for text_content, I don't think that's a "standard" method. Zope.org has
some features on it designed to make it a somewhat open book, so that people
can learn from it.

I don't think there is any way for someone to get at your source code in the
current version of Zope without you actually making that possible.

> I wonder if anyone at DC could help out here? My wish-list would be to be
able
> to differentiate in a convenient manner between stuff publicly available
and
> stuff that isn't. To generalise this further, I'd love to be able to
assign the
> usability of a method or access to an object on a role basis, with special
roles
> including 'anonymous' for public access and 'system' for calls from other
> objects. Kindof like putting public: and private: in a C++ or Java class,
but
> with finer control.

I think you can set this up yourself, through extensive use of proxy roles.
If you have a method that you don't want to be callable through the web, you
can make it require a role of "System". Then, any method you write that
needs to use it could have a proxy role of "System".

Kevin