-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 http://collective-docs.plone.org/security/permissions.html#bypassing-permission-checks
(works only from trusted code like browser views or package code - not from PythonScripts) - -aj Brian Sullivan wrote: > I am looking at a situation (an online self registry process) where I > want to allow a user that is not logged in to be able to create a user > and do a number of other functions normally reserved for and > restricted to logged in users with a fairly elevated rights. I need to > perform these functions from a Python script. > > What is the best strategy for doing this? I am thinking that creating > a separate python script that has elevated rights and allowing > Anonymous access to it and calling it from a script that does not have > elevated rights is the best strategy to manage it. Am I creating a > huge security hole by doing this? > _______________________________________________ > Zope maillist - Zope@zope.org > https://mail.zope.org/mailman/listinfo/zope > ** No cross posts or HTML encoding! ** > (Related lists - > https://mail.zope.org/mailman/listinfo/zope-announce > https://mail.zope.org/mailman/listinfo/zope-dev ) - -- ZOPYX Limited | zopyx group Charlottenstr. 37/1 | The full-service network for Zope & Plone D-72070 Tübingen | Produce & Publish www.zopyx.com | www.produce-and-publish.com - ------------------------------------------------------------------------ E-Publishing, Python, Zope & Plone development, Consulting -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQGUBAEBAgAGBQJNDF54AAoJEADcfz7u4AZjP3ALv3Wf/qV13mgyzFz3Stm81tYg PMe2v/mj2eYfLFXuPR4LhTnickMfRJJNdD/LYwOdK6GLgvh307GkM/0mrCrpeHoO pIizuTuYhsl5ITdaUF3R+VcHlRmIZsNrYIEummmNAQjMW0hLA3XEefv9KvlV+P53 q6rzHq4n9T4JkKBh/QX0KiMVZOHeRjV1AnC3hXyqhbZCd8/pCgJDVsecbEBWlFrj izDhb6q+THHsjzRTbKzljnXJw8/he8TeCbN8cmjrlAVW5UhO/AIRQ2ikPh2GybAl pUSRuHux78+WRaw4av1WG+XBWVS1uZNmJnsNFPNr8NY7OE7hvSBttZTVzWmf9VyT jHWkpNKRROd83mpfZuHh3m9Ei6v5AvCFzr5Lt1O/M4bH4Rki8aqRqyzDy9fYEIW1 +CAhxUN511v2zSmcpmLClhkErZQP3qp0uXi+TIAj+/tbrXs8I7/fOlo/VWXMzxNy XM85seHdMYlWgsRbX/sVJKn5NOpqLsk= =UTd0 -----END PGP SIGNATURE-----
<<attachment: lists.vcf>>
_______________________________________________ Zope maillist - Zope@zope.org https://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope-dev )