Personal tools

Navigation

You are here: Home / Members / jhb / old blog entries / zope_security_observations

zope_security_observations

by Jörg Baach — last modified Feb 16, 2006 10:19 AM

Findings about zopes security mechanism

* You can raise a string "Unauthorized" to create a 401 Error
* The user you get via sm.getUser reflects the login/password passed
by the browser, not the
user actually needed - that means that a script can be accessible
by 'view', and still can raise
an 401 from inside
* The security declarations are made within the class of the
objects, usually on the instances
as well as on methods - via security.declareProtected

Questions:

* Whats the purpose of __ac_permissions, as found in PropertyTools

Add comment

You can add a comment by filling out the form below. Plain text formatting.

Name

Comment

Captcha

Question: What is 42 minus 19?
Your answer:

Updates...: A self describing graph schema Jan 28, 2019; Python, CUDA and graphs Nov 30, 2018; Numba and Cuda on Windows (using pip) Oct 22, 2018; Compiling python extensions in windows 10 Sep 06, 2018; thunderbird white background for text messages May 12, 2018; A problem with neo4j's db.schema()? Apr 25, 2018; neo4j full text indexing - limited to 32k Mar 20, 2017; Installing python buildout with readline Feb 25, 2017; Fonts on Ubuntu - revamped Jan 24, 2017; plone: removing (portlet)renderers from the cache Jun 02, 2015; more…