Personal tools

Navigation

You are here: Home / Members / jhb / old blog entries / zope_security_observations

zope_security_observations

by Jörg Baach — last modified Feb 16, 2006 10:19 AM

Findings about zopes security mechanism

* You can raise a string "Unauthorized" to create a 401 Error
* The user you get via sm.getUser reflects the login/password passed
by the browser, not the
user actually needed - that means that a script can be accessible
by 'view', and still can raise
an 401 from inside
* The security declarations are made within the class of the
objects, usually on the instances
as well as on methods - via security.declareProtected

Questions:

* Whats the purpose of __ac_permissions, as found in PropertyTools

Add comment

You can add a comment by filling out the form below. Plain text formatting.

Name

Comment

Captcha

Question: What is 6 times 7?
Your answer:

Updates...: Getting out safe mode in pycharm Jan 08, 2022; To mac or not to mac Nov 07, 2021; Flask documentation Oct 07, 2021; Ausgangssperren Apr 25, 2021; Asus VG289Q Apr 05, 2021; Pycharm broken mermaid diagrams in markdown files Mar 26, 2021; Running ubuntu on a thinkpad t14 AMD Mar 14, 2021; Finding a decent 4k UHD 32" Monitor Oct 06, 2020; Better writing with the apple pencil on the ipad Jul 08, 2020; Fixing (ghost) touch issues on the x1 tablet - 2nd try May 07, 2020; more…