I'm having a problem figuring out how to keep things secure while allowing a proxied script to call a page template correctly.

/details/sendDetails
Python script that is publicly available, receives an email address and sends that person thier details stored in the database.
The script has proxy rights of "Administrator".

/admin/person/emaildetails.htm
Page template that is secured (admin folder is Administrator only for "view" and "access contents information").


The anonymous user is prompted for authentication.

If I change emaildetails.htm to a simple "test" text file it works, the problem seems to lie when the template tries to access any script from the context. I tried to give those scripts proxy rights too but that had no effect.

Am I going about this the wrong way, is there something I missed, or am I just going to have to revert to rewriting the whole details.htm as DTML?

_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to