Re: [Op-torch-devel] login

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hmmmm...you do realize that there is a complete and tested security
layer in Zope that solves this issue?

By using untrusted scripts (as you suggest below) to do security
checking, the application can be compromised.

There is good info on Zope security and it's limitation in the Zope 3
section.

=46rom the page at:
http://www.zope.org/Wikis/DevSite/Proposals/Zope3ProtectionInZope2
-----------------------------------------------------------------------
Zope 2's protection system relies on inserting security checks into
programs. In particular, Python scripts have to be compiled with a
custom Python compiler that inserts checks to make sure that untrusted
programs can't access or update unauthorized information. Similarly, the
DTML and ZPT implementations are burdened with Zope-specific security
infrastructure. Both DTML and ZPT support Python expressions which must
also be compiled with a custom compiler. This approach has a number of
significant disadvantages:

      * Little or no protection is provided for trusted code called by
        untrusted code. Untrusted code can sometimes trick trusted code
        into performing unauthorized actions by passing it unexpected
        arguments.

---------------------------------------------------------------------------

You'd be better served to correctly use the existing machinery.

Cheers,
Tim

On Mon, 2005-10-31 at 08:50 -0500, Michael Rowley wrote:
> Hey Jake,
>=20
>=20
> Looking at this, I think the best way to do this  is to do a check in
> the main_template at the top for the current user.  If they are
> 'Anonymous' redirect them to the login page...  Will also have to do a
> check to see if we are in the login_form template also.
>=20
>=20
> I think how we can do this is like this...  this is just logic, not
> code, before someone gets all anal on me... :)
>=20
>=20
> if templateid !=3D login_form
>    =20
>     if getAuthenticatedUser =3D=3D Anonymous:
>        =20
>         redirect to login_form
>   =20
> now just how to do this in the main_template.  But this way, we can
> allow the anonymous user to hit the site, and if they aren't
> authenticated, they will be kicked to Anonymous, and no loopholes of
> forgetting to do one of the templates and ending up with a security
> hole.
>=20
>=20
> Check out my templates in clinical to see how I have done security for
> my pages.  If the user doesn't have authorization to view cerain
> items, the links for them just don't show up... therefore can't get to
> them.  Will need to step this up into the individual forms also, to
> prevent someone from hand typing the url into the browser and getting
> around it, but we can fix this in a bit. =20
>=20
>=20
> M
>=20
>=20
>=20
>=20
> Michael Rowley MD
>=20
> Project Manager
>=20
> TORCH2
>=20
> Trusted Open source Records for Care and Health
>=20
>=20
>=20
>=20
>=20
--=20
Tim Cook, Consultant CHASE Health Informatics, Inc.
GnuPG Key is available at=20
http://www.chasehealthinformatics.com/Members/twcook