Welcome, guest | Sign In | My Account | Store | Cart

Notice! PyPM is being replaced with the ActiveState Platform, which enhances PyPM’s build and deploy capabilities. Create your free Platform account to download ActivePython or customize Python with the packages you require and get automatic updates.

Download
ActivePython

dm.zopepatches.security 1.0
Workarounds related to Zope's security subsystem.

INSTALL>
pypm install dm.zopepatches.security

How to install dm.zopepatches.security

  1. Download and install ActivePython
  2. Open Command Prompt
  3. Type pypm install dm.zopepatches.security
 Python 2.7Python 3.2Python 3.3
Windows (32-bit)
1.0 Available View build log
Windows (64-bit)
1.0 Available View build log
Mac OS X (10.5+)
1.0 Available View build log
Linux (32-bit)
1.0 Available View build log
Linux (64-bit)
1.0 Available View build log
 
Links
Author
License
BSD
Lastest release
version 1.0 on Jan 5th, 2011

This package allows to work around weaknesses in the web application server Zope's security subsystem. Currently, it contains a single module proxy.

proxy

In principle, Zope makes a clear distinction between trusted code (which comes from the file system and cannot be modified through-the-web) and untrusted code (which might be tangled with through-the-web). Trusted code is unrestricted by Zope's security subsystem, untrusted code has permission checks on each object and method access.

Unfortunately, occasionnally, trusted code performs its own security checks -- and can raise Unauthorized exceptions even when called from other trusted code. The proxy module is destined to work around this behaviour. It uses Zope's so called proxy roles to set up roles which should be used for internal security checks.

The module defines two methods setup_proxy_roles(roles) and cleanup_proxy_roles(context). They are used in the following idiom:

>>> context = setup_proxy_roles((role1, role2, ...))
>>> try:
>>>   ... perform any operation with internal security checks ...
>>> finally:
>>>   cleanup_proxy_roles(context)

This sets up proxy roles (role1, role2, ...) to be used for the following internal security checks until the following cleanup_proxy_roles.

Usually, the roles are ('Manager', 'Authenticated') but can be anything. Note that proxy roles override any currently active user roles.

Subscribe to package updates

Last updated Jan 5th, 2011

Download Stats

Last month:1

What does the lock icon mean?

Builds marked with a lock icon are only available via PyPM to users with a current ActivePython Business Edition subscription.

Need custom builds or support?

ActivePython Enterprise Edition guarantees priority access to technical support, indemnification, expert consulting and quality-assured language builds.

Plan on re-distributing ActivePython?

Get re-distribution rights and eliminate legal risks with ActivePython OEM Edition.