[Zope] protecting users from hostile authors

Steve Alexander steve@cat-box.net
Sun, 26 Aug 2001 18:47:34 +0100


Kyler B. Laird wrote:

> 
> O.k., I appreciate that (lots!).  However, I do not see
> what is stopping me from doing something nasty like...
> 
> 	1.	Lure you to my page.
> 
> 	2.	Check to see that you are authenticated.
> 		(My page wouldn't require it.)
> 
> 	3.	If you are, grab your user name.
> 
> 	4.	Create a URL for a Bad Thing (something with
> 		"manage_" in it pointed at your folder).
> 
> 	5.	Generate a 1x1 (or whatever) <img> tag with
> 		that URL as the src value.


You need two users:

1: You as system manager, that is, the user you use to edit the site 
through the web.

2: You as user. That is, a user with no more rights than a normal user.

Then, you ensure that you never look at a user's page, except when 
you're logged in as the latter of the two users.

It's pretty much the same discipline as not running executables other 
users have left lying around on a shared unix system.

As has been pointed out by others, Zope protects you from this quite 
well already. You only need go the extra length of having two users 
yourself if you want to avoid the specific case you mention above.

--
Steve Alexander
Software Engineer
Cat-Box limited
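
An added example, not part of the original thread and not Zope's own code: a site operator's check that scans author-supplied HTML for tags a browser fetches without a click (the `<img>` case in the quoted scenario) whose URL path contains a `manage_` segment. The function names, the tag table and the sample page (including the placeholder method name `manage_placeholder`) are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

# Tag -> attributes the browser requests automatically when the page renders.
AUTO_FETCH = {
    "img": ("src",), "script": ("src",), "iframe": ("src",),
    "frame": ("src",), "embed": ("src",), "input": ("src",),
    "object": ("data",), "link": ("href",), "body": ("background",),
}

def is_management_url(url):
    """True if any path segment of the URL starts with 'manage_'."""
    try:
        path = unquote(urlsplit(url.strip()).path)
    except ValueError:
        return True  # unparseable URL in author content: treat as suspicious
    return any(seg.lower().startswith("manage_") for seg in path.split("/"))

class _Scanner(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Record (line, tag, attribute, url) for each auto-fetched management URL.
        for name, value in attrs:
            if name in AUTO_FETCH.get(tag, ()) and value and is_management_url(value):
                self.findings.append((self.getpos()[0], tag, name, value))

def find_auto_management_requests(html):
    """Return findings for author HTML that would trigger manage_ requests on view."""
    scanner = _Scanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample of an author's page; the method name is a placeholder.
SAMPLE = """<h1>My page</h1>
<img src="/members/alice/photo.png">
<img width="1" height="1" src="/members/bob/manage_placeholder?x=1">
<a href="/members/alice/manage_main">admin</a>
"""

if __name__ == "__main__":
    for line, tag, attr, url in find_auto_management_requests(SAMPLE):
        print(f"line {line}: <{tag} {attr}> requests {url}")
```

The plain `<a href>` link is not reported because it needs a click; the check covers only requests made on page view, which is the case the two-account discipline above is meant to contain.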