[Zope] Basic Security question

Jonathan Hobbs hobbs at magma.ca
Thu May 27 15:05:08 EDT 2004

> Jonathan Hobbs wrote at 2004-5-27 11:09 -0400:
> >I have a folder ('Data') with the 'View' security role set to
> >'Authenticated', and 'Acquire Permissions' is NOT checked for 'View'.
> >
> >When, as an 'anonymous' user,  I try to access an object within the
> >folder the security popup window (enter your name/password) is displayed.
> >This works as I expected it to.
> >
> >I have created a dtml method called 'Display'.  This test routine is
> >hardcoded to display an object from the 'Data' folder.  I have set the
> >role for the Display method to "Authenticated".  When, as an 'anonymous'
> >user, I access the 'Display' method the security popup window appears?!
> >Shouldn't the Proxy role assigned to the dtml method enable access to the
> >object in the folder?
> BTW, "VerboseSecurity" can help you to analyse difficult
> security problems. Use the CVS version (once Zope's CVS starts
> to work again).

I have installed VerboseSecurity (it shows up in the Control_Panel/Products
list), but it does not generate any output in the zope_error_log (the
requests are showing up in zope_access_log).  Does VerboseSecurity put the
security info somewhere else?

We are running 2.6.1 if this has any bearing.


More information about the Zope mailing list