From: Tim C. <tw...@sh...> - 2005-11-10 08:26:57
Hmmmm...you do realize that there is a complete and tested security
layer in Zope that solves this issue?

By using untrusted scripts (as you suggest below) to do security
checking, the application can be compromised.

There is good info on Zope security and its limitation in the Zope 3
section.

From the page at:
http://www.zope.org/Wikis/DevSite/Proposals/Zope3ProtectionInZope2
-----------------------------------------------------------------------
Zope 2's protection system relies on inserting security checks into
programs. In particular, Python scripts have to be compiled with a
custom Python compiler that inserts checks to make sure that untrusted
programs can't access or update unauthorized information. Similarly, the
DTML and ZPT implementations are burdened with Zope-specific security
infrastructure. Both DTML and ZPT support Python expressions which must
also be compiled with a custom compiler. This approach has a number of
significant disadvantages:

      * Little or no protection is provided for trusted code called by
        untrusted code. Untrusted code can sometimes trick trusted code
        into performing unauthorized actions by passing it unexpected
        arguments.
---------------------------------------------------------------------------

You'd be better served to correctly use the existing machinery.

Cheers,
Tim

On Mon, 2005-10-31 at 08:50 -0500, Michael Rowley wrote:
> Hey Jake,
>
> Looking at this, I think the best way to do this is to do a check in
> the main_template at the top for the current user.  If they are
> 'Anonymous' redirect them to the login page...  Will also have to do a
> check to see if we are in the login_form template also.
>
> I think how we can do this is like this... this is just logic, not
> code, before someone gets all anal on me... :)
>
> if templateid != login_form
>     if getAuthenticatedUser == Anonymous:
>         redirect to login_form
>
> now just how to do this in the main_template.  But this way, we can
> allow the anonymous user to hit the site, and if they aren't
> authenticated, they will be kicked to Anonymous, and no loopholes of
> forgetting to do one of the templates and ending up with a security
> hole.
>
> Check out my templates in clinical to see how I have done security for
> my pages.  If the user doesn't have authorization to view certain
> items, the links for them just don't show up... therefore can't get to
> them.  Will need to step this up into the individual forms also, to
> prevent someone from hand typing the url into the browser and getting
> around it, but we can fix this in a bit.
>
> M
>
> Michael Rowley MD
> Project Manager
> TORCH2
> Trusted Open source Records for Care and Health

--
Tim Cook, Consultant
CHASE Health Informatics, Inc.
GnuPG Key is available at
http://www.chasehealthinformatics.com/Members/twcook
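An added sketch, not part of the thread and not Zope code: a toy Python model contrasting the main_template login check proposed in the quoted message with a permission check enforced on each object before anything renders. The user names, page names and permission labels are hypothetical.

```python
# Toy model, constructed for illustration; none of this is Zope's API.
ANONYMOUS = "Anonymous"

class Unauthorized(Exception):
    """Raised by the enforcing publisher when a permission is missing."""

class Page:
    def __init__(self, name, permission, uses_main_template=True):
        self.name = name
        self.permission = permission              # permission needed to view
        self.uses_main_template = uses_main_template

# Hypothetical users, permissions and pages.
GRANTS = {
    ANONYMOUS: {"public"},
    "clerk": {"public"},                          # logged in, no record access
    "drsmith": {"public", "records"},
}
PAGES = [
    Page("login_form", "public"),
    Page("patient_list", "records"),
    Page("patient_export", "records", uses_main_template=False),
]

def publish_template_only(page, user):
    """The quoted logic: the only check is the one main_template runs."""
    if page.uses_main_template:
        if page.name != "login_form" and user == ANONYMOUS:
            return "redirect:login_form"
    return "render:" + page.name

def publish_enforced(page, user):
    """Check the object's own permission before any template or script runs."""
    if page.permission not in GRANTS.get(user, set()):
        raise Unauthorized(page.name)
    return "render:" + page.name

def compare(user):
    """Map page name -> (template-only outcome, enforced outcome)."""
    result = {}
    for page in PAGES:
        try:
            enforced = publish_enforced(page, user)
        except Unauthorized:
            enforced = "unauthorized"
        result[page.name] = (publish_template_only(page, user), enforced)
    return result

if __name__ == "__main__":
    for user in GRANTS:
        print(user, compare(user))
```

The template-only path serves `patient_export` to Anonymous and `patient_list` to a logged-in user who lacks the permission; the enforced path refuses both.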