[Zope3-dev] security problems with database adapters (second
edition)
Velko Ivanov
dachev at nove.bg
Tue Aug 30 08:59:21 EDT 2005
Dmitry Vasiliev wrote:
> zope.app.securitypolicy.zopepolicy.ZopeSecurityPolicy does the following:
>
> 1. check for security map at /aFolder
> 2. get the aFolder's parent (the root folder in our case) through the
> '__parent__' attribute
> 3. check for security map at /
> 4. check global security map defined through configuration
>
> If object doesn't have a '__parent__' attribute and any associated
> security map the security check will be based only on global security map.
>
Oh, now I see it. Thanks :)
> Maybe we need always check security map at the root folder?
>
I don't believe this is the solution. Altrough it will solve my example,
it wouldn't help in other scenarios.
I would eventually make ZopeConnection and ZopeCursor locatable, if they
aren't already, and assign the database adapter as the parent of the
connection and the connection to the cursor at the time of their creation.
Actually I'm going to patch it like that right away.
One last question, to clear things a bit for me, as I don't have a Zope3
copy here to try -
Imagine the user accesses some python class by the means of submiting a
form and that class needs to do some work with the database, so it
obtains a database connection, creates a cursor and executes some
queries. In this case, will the class access the connection with the
user's privileges, or is it trusted ?
If it is trusted, my problem here is not of so big importance, but if
not, I imagine zope.app.rdb needs some urgent updates.
Regards,
Velko Ivanov
More information about the Zope3-dev
mailing list