[Zope] Basic Security question
Jonathan Hobbs
hobbs at magma.ca
Thu May 27 15:05:08 EDT 2004
> Jonathan Hobbs wrote at 2004-5-27 11:09 -0400:
> >I have a folder ('Data') with the 'View' security role set to
> >'Authenticated', and 'Acquire Permissions' is NOT checked for 'View'.
> >
> >When, as an 'anonymous' user, I try to access an object within the
'Data'
> >folder the security popup window (enter your name/password) is displayed.
> >This works as I expected it to.
> >
> >I have created a dtml method called 'Display'. This test routine is
> >hardcoded to display an object from the 'Data' folder. I have set the
Proxy
> >role for the Display method to "Authenticated". When, as an 'anonymous'
> >user, I access the 'Display' method the security popup window appears?!
> >Shouldn't the Proxy role assigned to the dtml method enable access to the
> >object in the folder?
>
> BTW, "VerboseSecurity" can help you to analyse difficult
> security problems. Use the CVS version (once Zope's CVS starts
> to work again).
I have installed VerboseSecurity (it shows up in the Control_Panel/Products
list), but it does not generate any output in the zope_error_log (the
requests are showing up in zope_access_log). Does VerboseSecurity put the
security info somewhere else?
We are running 2.6.1 if this has any bearing.
Jonathan
More information about the Zope
mailing list