AW: [Zope3-dev] skin support for xmlrpc
Stephan Richter
srichter at cosmos.phy.tufts.edu
Mon Aug 27 23:19:59 EDT 2007
On Monday 27 August 2007 23:05, Roger Ineichen wrote:
> Are you all sure you understand the need of a layer in every
> kind of request? It's about permission registration and not
> skinning.
If it is not about skinning, it should not be done with layers.
What I think Christian is trying to do is to create different *namespaces* for
an external API. I think that pluggable traversers or a custom namespace
(maybe ++ns++<name>) would be a much less confusing solution.
> Since the skin directive is gone layer also support the
> skinning concept. But the main reason of layers is still
> offering a security namespace.
I disagree. I have *never* thought of it as a security namespace. I think of
it as a *user interface* functionality namespace.
> In short
> --------
>
> "skin support in xmlrpc" --> No
> "layer support in xmlrpc" --> Yes it's a security issue!
>
> Layers allow us to use different security registrations
> for the same view in different projects.
Have we ever used layers in this way? Can you give me an example or use case?
The more I think about it, the more I think you are wrong. ;-) If you cannot
access an action with certain credentials, then you are denied access to the
API call. Having different semantics based on credentials for a given API
call is a bad idea. You are better served having two functional namespaces. I
think a pluggable traverser plugin best implements such a namespace for
XML-RPC.
>
> security issue
> ---------------
>
> Let's say you have an app offering an XML-RPC server
> shutdown view. You would do the following:
>
> 1. register a public and a private skin
> 2. register the XML-RPC view to the layer used by the private skin
> 3. Run Zope at port 8080 blocked from outside by a firewall
> 4. Use Apache rewrite rules and point to the public and private skin
> e.g. private.foo.com and public.foo.com
> 5. Use a rewrite rule and point to the private skin restricting
> access to an internal network or some IP addresses.
>
> How would you restrict access from the public skin to the XML-RPC
> view without layer support used in step 2?
The solution is pretty straightforward using a pluggable traverser. After
all, pluggable traversers were designed to be maximally flexible and to allow
all possibilities, which includes "simulating" skins, if you want.
Regards,
Stephan
--
Stephan Richter
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training