[Zope3-dev] Zope security policy

Roger Ineichen dev at projekt01.ch
Thu Mar 10 11:09:18 EST 2005


Hi Garrett

> From: Garrett Smith [mailto:garrett at mojave-corp.com]
> Sent: Thursday, March 10, 2005 5:05 PM
> To: dev at projekt01.ch
> Cc: zope3-dev at zope.org
> Subject: RE: [Zope3-dev] Zope security policy
> 
> I glanced over the transcript, but I'm not sure what I'm
> supposed to get from it.

;-) nothing, if we don't change the default configuration
for zope.View from Allow to Deny for unauthenticated principals.

This means there is no other solution than to replace the
files on your server like you propose.

I still think it's not only nice to change the zope.View
default from Allow to Deny. It's much more than that.

If we would change the permission zope.View from Allow
to Deny for the unauthenticated principal, we would see that
we have other problems too. (Like I proposed in my mail.)

Right now you can only see that we have a 2-step login
on subsites if the parent site isn't publicly accessible.

Regards
Roger Ineichen

> Roger Ineichen wrote:
> > Hi Garrett
> > 
> >> -----Original Message-----
> >> From: zope3-dev-bounces+dev=projekt01.ch at zope.org
> >> [mailto:zope3-dev-bounces+dev=projekt01.ch at zope.org] On Behalf Of
> >> Garrett Smith Sent: Thursday, March 10, 2005 4:35 PM
> >> To: zope3-dev (E-mail)
> >> Subject: [Zope3-dev] Zope security policy
> >> 
> >> Our app needs to not grant anonymous view access. It's not clear to
> >> me how I can do this without: 
> >> 
> >> - Duplicating the entire contents of
> >> z/a/securitypolicy/configure.zcml in our site.zcml (sans the
> >> anonymous grants) 
> >> 
> >> - Physically changing z/a/securitypolicy.zcml on installation
> >> 
> >> The note in configure.zcml implies that we choose the latter, but
> >> that's bad.
> >> 
> >> Unless there's an existing solution, I propose that we move the
> >> anonymous grants into securitypolicy.zcml and leave
> >> z/a/securitypolicy/configure.zcml strictly for setting up
> >> components for the package.
> > 
> > I was talking to jim on IRC about securitypolicy settings.
> > 
> > See:
> > http://zope3.pov.lt/irclogs/%23zope3-dev.2005-03-10.log.html
> > (Thanks to mgedmin for this nice log)
> > 
> > See also my mail: Traversal question from Today.
> > 
> > What do you think?
> > 
> > Regards
> > Roger Ineichen
> > 
> >>  -- Garrett