I am looking at a situation (an online self registry process) where I
want to allow a user that is not logged in to be able to create a user
and do a number of other functions normally reserved for and
restricted to logged in users with a fairly elevated rights. I need to
perform these functions from a Python script.
What is the best strategy for doing this? I am thinking that creating
a separate python script that has elevated rights and allowing
Anonymous access to it and calling it from a script that does not have
elevated rights is the best strategy to manage it. Am I creating a
huge security hole by doing this?
_______________________________________________
Zope maillist - Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope-dev )
want to allow a user that is not logged in to be able to create a user
and do a number of other functions normally reserved for and
restricted to logged in users with a fairly elevated rights. I need to
perform these functions from a Python script.
What is the best strategy for doing this? I am thinking that creating
a separate python script that has elevated rights and allowing
Anonymous access to it and calling it from a script that does not have
elevated rights is the best strategy to manage it. Am I creating a
huge security hole by doing this?
_______________________________________________
Zope maillist - Zope@zope.org
https://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
https://mail.zope.org/mailman/listinfo/zope-announce
https://mail.zope.org/mailman/listinfo/zope-dev )