[Zope] [ZGotW] Issue #3 (Closed)
Zope Guru of the Week
ZGotW@palladion.com
Fri, 11 Feb 2000 13:33:45 US/Pacific
The current issue of "Zope Guru of the Week" has closed:
===================================================================
Issue #3 -- Acquiring Permissions
===================================================================
Status: Closed
Zen Level: Master (5/8)
Keywords: Acquisition Security / Permissions
Submitted by: Tres Seaver tseaver@palladion.com
-------------------------------------------------------------------
When assembling a site using custom-defined ZClasses, I find
that I often have to go back into the classes and assign
Proxies to particular methods, giving them Manager rights,
in order to allow anonymous users to browse the site or submit
content.
* Is this a security hole? (think setuid/setgid scrips in a
Unix filesystem)
* Should I be doing something else?
- mapping permissions on my ZClasses?
- creating special "default" users in an acl_users folder?
- what else?
-------------------------------------------------------------------
Reviewed by: Tres Seaver tseaver@palladion.com
-------------------------------------------------------------------
Hmmm, I didn't guess that *no one* would venture a reply on this topic.
Oh well, I'll close it and move on.
-------------------------------------------------------------------