Re: [Zope] Question about security
Harris Peter <[EMAIL PROTECTED]> wrote: > > I'm sorry, I must be missing something. > > The API reference I have doesn't contain any such thing. Neither does the > Zope book, before anyone else suggests that. The DTML on zope.org uses > a method that isn't recognised by the standard User Folder, so no help > there. > > If ANYONE has EVER successfully implemented a way for users to > change their own passwords using standard 2.2 Zope then *please* - > post your source code here or put a HOWTO on zope.org! > > It's a basic requirement of any system that uses passwords, but if it can't > be done just admit it. After all, zope is still *quite* good without it. ;-) See http://www.zope.org/Members/tseaver/user_settable_passwords. Tres. -- === Tres Seaver[EMAIL PROTECTED] Digital Creations "Zope Dealers" http://www.zope.org ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Question about security
You need to use the same method as you would to create a user, manage_users. If you look at the Zope Quick Reference you will see that it can take a parameter called submit which can be 'Add...','Add', 'Edit' or 'Change'. If you use the 'Change' variant you can change the password as you require. Take a look in /lib/python/AccessControl/User.py and then take a look at the manage_users method in the BasicUserFolder class. hth Phil [EMAIL PROTECTED] - Original Message - From: "Harris Peter" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, November 22, 2000 9:25 AM Subject: Re: [Zope] Question about security > Dieter wrote: > > >Joaldo Junior writes: > >> Does anyone can inform if is there any kind of function, > >> which a common user can change your password by the same way a superuser > can > >> do in ACL_User? > >Look at the built-in Zope API reference: User object. > >The User object has methods to read and change the information > >associated with a user. > > >These methods are (of cause) protected such that only > >users with high priviledges can execute them. > >You will need to set a proxy role for the DTML object > >that calls them, in order to allow less priviledged users > >to call them. > > >Dieter > > I'm sorry, I must be missing something. > > The API reference I have doesn't contain any such thing. Neither does the > Zope book, before anyone else suggests that. The DTML on zope.org uses > a method that isn't recognised by the standard User Folder, so no help > there. > > If ANYONE has EVER successfully implemented a way for users to > change their own passwords using standard 2.2 Zope then *please* - > post your source code here or put a HOWTO on zope.org! > > It's a basic requirement of any system that uses passwords, but if it can't > be > done just admit it. After all, zope is still *quite* good without it. ;-) > > Peter Harris () > > > > > This message and any files transmitted with it are confidential. > The contents may not be disclosed or used by anyone other > than the addressee. > If you have received this communication in error, please delete > the message and notify JBB (Greater Europe) Plc immediately > on 0141-249-6285. > > The views expressed in this email are not necessarily the views > of JBB (Greater Europe) PLC. > As it has been transmitted over a public network, > JBB (Greater Europe) PLC makes no representation nor accepts > any liability for the email's accuracy or completeness unless > expressly stated to the contrary. > > Should you, as the intended recipient, suspect that the message > has been intercepted or amended, please notify > JBB (Greater Europe) Plc immediately on 0141-249-6285. > > > > ___ > Zope maillist - [EMAIL PROTECTED] > http://lists.zope.org/mailman/listinfo/zope > ** No cross posts or HTML encoding! ** > (Related lists - > http://lists.zope.org/mailman/listinfo/zope-announce > http://lists.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Question about security
Dieter wrote: >Joaldo Junior writes: >> Does anyone can inform if is there any kind of function, >> which a common user can change your password by the same way a superuser can >> do in ACL_User? >Look at the built-in Zope API reference: User object. >The User object has methods to read and change the information >associated with a user. >These methods are (of cause) protected such that only >users with high priviledges can execute them. >You will need to set a proxy role for the DTML object >that calls them, in order to allow less priviledged users >to call them. >Dieter I'm sorry, I must be missing something. The API reference I have doesn't contain any such thing. Neither does the Zope book, before anyone else suggests that. The DTML on zope.org uses a method that isn't recognised by the standard User Folder, so no help there. If ANYONE has EVER successfully implemented a way for users to change their own passwords using standard 2.2 Zope then *please* - post your source code here or put a HOWTO on zope.org! It's a basic requirement of any system that uses passwords, but if it can't be done just admit it. After all, zope is still *quite* good without it. ;-) Peter Harris () This message and any files transmitted with it are confidential. The contents may not be disclosed or used by anyone other than the addressee. If you have received this communication in error, please delete the message and notify JBB (Greater Europe) Plc immediately on 0141-249-6285. The views expressed in this email are not necessarily the views of JBB (Greater Europe) PLC. As it has been transmitted over a public network, JBB (Greater Europe) PLC makes no representation nor accepts any liability for the email's accuracy or completeness unless expressly stated to the contrary. Should you, as the intended recipient, suspect that the message has been intercepted or amended, please notify JBB (Greater Europe) Plc immediately on 0141-249-6285. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Question about security
Joaldo Junior writes: > Does anyone can inform if is there any kind of function, > which a common user can change your password by the same way a superuser can > do in ACL_User? Look at the built-in Zope API reference: User object. The User object has methods to read and change the information associated with a user. These methods are (of cause) protected such that only users with high priviledges can execute them. You will need to set a proxy role for the DTML object that calls them, in order to allow less priviledged users to call them. Dieter ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] Question about security
Does anyone can inform if is there any kind of function, which a common user can change your password by the same way a superuser can do in ACL_User? ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )