I'm having a problem figuring out how to keep things secure while allowing a proxied script to call a page template correctly.

Python script that is publicly available, receives an email address and sends that person thier details stored in the database.
The script has proxy rights of "Administrator".

Page template that is secured (admin folder is Administrator only for "view" and "access contents information").

The anonymous user is prompted for authentication.

If I change emaildetails.htm to a simple "test" text file it works, the problem seems to lie when the template tries to access any script from the context. I tried to give those scripts proxy rights too but that had no effect.

Am I going about this the wrong way, is there something I missed, or am I just going to have to revert to rewriting the whole details.htm as DTML?

Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to