Chris Withers wrote:

Dario Lopez-Kästen wrote:

I am trying to prevent PythonScripts from being called directly TTW.


because the scripts I use in conjunction with SUF and that return person information are callable as http://server/acl_users/scriptname.

And the SUF API demands that the scripts accept a parameter that then can easily be supplied in the url. If all this is done, then I can obtain info about users that way. Not good.

Is there a better way of doing this than the following code being called at the very beginning of the script?

# refuse the call when this script is itself the published object
if script.getPhysicalPath() == context.REQUEST.PUBLISHED.getPhysicalPath():
    raise "UnAuthorisedOrSimilar"

Make the scripts only viewable by Manager, and give whatever calls them that role by Proxy.

hm... right... that'd require even more customisation policy of my Plone site than what is there now...

I think I'll use the above code until I have time to fix the role/proxy assigning programmatically.

BTW, will SUF have support for FS-based scripts in the future?


-- -------------------------------------------------------------------
Dario Lopez-Kästen, IT Systems & Services Chalmers University of Tech.
Zope-Dev maillist - [EMAIL PROTECTED]
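The path comparison discussed in this message, as an added example that is not part of the original post and is not Zope or SUF code. FakeObject and FakeRequest are constructed stand-ins that expose only getPhysicalPath() and REQUEST.PUBLISHED, and login_form is a hypothetical caller.

```python
class FakeObject:
    """Constructed stand-in for a Zope object; only knows its physical path."""
    def __init__(self, *path):
        self._path = tuple(path)

    def getPhysicalPath(self):
        return self._path


class FakeRequest:
    """Constructed stand-in for REQUEST; PUBLISHED is what the URL resolved to."""
    def __init__(self, published):
        self.PUBLISHED = published


class DirectCallRefused(Exception):
    """Raised when the script itself is the published object."""


def refuse_if_published(script, request):
    # Compare paths rather than object identity, so a different wrapper
    # object around the same script is still recognised.
    if script.getPhysicalPath() == request.PUBLISHED.getPhysicalPath():
        raise DirectCallRefused("/".join(script.getPhysicalPath()))


def person_info(script, request, username):
    refuse_if_published(script, request)   # guard runs before any lookup
    return {"username": username}          # constructed result


def demo():
    script = FakeObject("", "acl_users", "scriptname")
    # Case 1: the URL /acl_users/scriptname?username=... publishes the script.
    published_script = FakeObject("", "acl_users", "scriptname")
    try:
        person_info(script, FakeRequest(published_script), "alice")
        direct = "allowed"
    except DirectCallRefused:
        direct = "refused"
    # Case 2: another object is published and calls the script internally.
    page = FakeObject("", "login_form")    # hypothetical caller
    indirect = person_info(script, FakeRequest(page), "alice")
    return direct, indirect


if __name__ == "__main__":
    print(demo())
```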