Tres Seaver wrote:
> bruno modulix wrote:
>
>>> Dieter, I didn't misunderstand your proposed solution. But some users
>>> exist in different CPMs with different roles in each CPM. So - unless
>>> I'm totally at a loss with how Zope's security works - if User1 has role
>>> RoleWithMuchPrivileges in Cpm1 and role RoleWithFewPrivileges in Cpm2,
>>> he could gain RoleWithMuchPrivileges in Cpm2 just by using a faked URL
>>> cpm1/cpm2/whatever_he_should_not_access_here. Worse, anyone existing in
>>> any CPM could gain access to any other CPM just by faking the URL.
>
> The Zope security machinery goes out of its way to prevent such an
> exploit:
Which one? I have a case where authentication happens in the context, not containment, i.e. given two sibling folders fa and fb, each with its own acl_users, if UserA exists in fa['acl_users'] and not in fb['acl_users'], then UserA is still authenticated in fb when accessing it through fa/fb (while he is not when accessing fb directly).

> essentially, it considers only "containment" acquisition when
> evaluating roles, etc.

I wasn't very sure about this. If I understand correctly, this means that authentication can come from an acl_users acquired by context (this is what I've experimented with), but that role/permission lookup will only happen in the containment hierarchy?

-- 
Bruno Desthuilliers
Développeur
[EMAIL PROTECTED]
_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )
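The distinction Bruno is asking about, as an added illustration that is not part of this thread and is not Zope's own code: a small Python model in which the user folder is found by walking the URL path that was actually traversed (context acquisition), while roles are collected only along the object's real parent chain (containment). The folder names fa and fb, the users UserA and UserB, the "Manager" role and the "secret" object are constructed for the example; the via="context" mode is the hypothetical behaviour that would allow the forged-URL escalation described above, shown side by side with the containment-only lookup.

```python
# Toy model of Zope-style acquisition: constructed example, NOT Zope's own code.
# It contrasts looking up a user folder by *context* (the URL path you walked)
# with evaluating roles by *containment* (the object's real parent chain).

class Folder:
    def __init__(self, name, parent=None, users=None, local_roles=None, protected=None):
        self.name = name
        self.parent = parent                        # containment parent (None for the root)
        self.children = {}
        self.users = dict(users or {})              # stands in for acl_users: name -> password
        self.local_roles = dict(local_roles or {})  # name -> set of local roles
        self.protected = dict(protected or {})      # object name -> role required to view it
        if parent is not None:
            parent.children[name] = self


def traverse(root, path):
    """Walk a URL path the way acquisition-aware traversal does: each segment is
    looked up as a child of the current object, then as a child of any earlier
    object on the path (so fa/fb reaches the sibling fb through fa).
    Returns the context chain, root first."""
    chain = [root]
    for segment in path.strip("/").split("/"):
        for holder in reversed(chain):
            if segment in holder.children:
                chain.append(holder.children[segment])
                break
        else:
            raise KeyError("no such object: %s" % segment)
    return chain


def containment(obj):
    """The containment chain: the object, its parent, its parent's parent, ..."""
    chain = []
    while obj is not None:
        chain.append(obj)
        obj = obj.parent
    return chain


def authenticate(context_chain, name, password):
    """Find the nearest user folder along the *context* chain (innermost first)
    that knows this user. Returns the name of that folder, or None."""
    for holder in reversed(context_chain):
        if holder.users.get(name) == password:
            return holder.name
    return None


def roles_of(name, chain):
    """Union of the local roles granted to `name` by every object in `chain`."""
    roles = set()
    for holder in chain:
        roles |= holder.local_roles.get(name, set())
    return roles


def check_access(root, path, name, password, obj_name, via="containment"):
    """True if `name` may view `obj_name` inside the object reached by `path`.
    via="containment" is the behaviour described in the thread; via="context"
    is the hypothetical behaviour that would let a forged URL carry roles along."""
    context_chain = traverse(root, path)
    target = context_chain[-1]
    if authenticate(context_chain, name, password) is None:
        return False                                # anonymous: no local roles at all
    lookup = containment(target) if via == "containment" else context_chain
    required = target.protected[obj_name]
    return required in roles_of(name, lookup)


def build_site():
    """Constructed site: two sibling folders, each with its own user folder."""
    root = Folder("root")
    Folder("fa", root, users={"UserA": "pwA"}, local_roles={"UserA": {"Manager"}},
           protected={"secret": "Manager"})
    Folder("fb", root, users={"UserB": "pwB"}, local_roles={"UserB": {"Manager"}},
           protected={"secret": "Manager"})
    return root


if __name__ == "__main__":
    site = build_site()
    print(authenticate(traverse(site, "fb"), "UserA", "pwA"))                   # None
    print(authenticate(traverse(site, "fa/fb"), "UserA", "pwA"))                # fa
    print(check_access(site, "fa/fb", "UserA", "pwA", "secret"))                # False
    print(check_access(site, "fa/fb", "UserA", "pwA", "secret", via="context")) # True
```

Running it reproduces what Bruno observed (UserA is authenticated in fb only when arriving through fa/fb, because the user folder is acquired from the context), and shows why that alone is harmless when roles come from containment: fb's parent chain is fb, root, neither of which grants UserA anything, so "secret" stays closed. Only in the hypothetical via="context" mode do the roles granted in fa leak into fb, which is exactly the escalation the forged cpm1/cpm2/... URL was feared to enable.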