On Tue, 5 Sep 2000, ethan mindlace fremen wrote:
Now every object excecutes according to the permision of the owner,
*not* the viewer. It can also run as a proxy role. The
super-bootstrap-user lives outside of "normal" zope authentication has
permission to do anything save that which NotEvenGodShouldDo.
Therefore, it shouldn't own objects.
Methods actually now execute with the effective intersection of the
permissions granted to the AUTHENTICATED_USER and the permissions
granted to the method's owner. If a proxy role is specified, the method
executes with permissions restricted to those roles assigned by the proxy
This is unarguably a good thing. What's not entirely clear is *why*
super can't own, which is a separate issue. The power it has beyond
that of a normal management user is the ability to traverse the site
unrestricted by the security machinery. I actually don't think
there's an answer to this question that has to do with method
execution. I think the ultimate answer is one or a few of the
following: "because," "shrug," "for audit trail purposes," or "so you
don't shoot yourself in the foot," or "be quiet." :-) Alternately,
the answer might lie in an unobvious implementation detail that none
of us really want to think about.
This is *quite* important, and needs to stay. I don't know how to
emphasize enough that this is a well thought out correction to an
extremely deadly class of security problems that still (afaik) plagues
many "other" through-the-web management systems.
I just can't think of any situations where having a method execute with
the effective intersection of the permissions granted to superuser and
the permissions granted to another user would cause more damage
than a method executing with the effective intersection of the permissions
granted to a normal management user and another user. Can you?
The newbie pain, however, could probably be mitigated- don't call it a
Super user, since it hardly deserves the S or the cape. Have a user in
the default install. Something like that.
I agree. This should happen soon.
Digital Creations, Publishers of Zope
Zope maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -