Zope: Security Model Issue Impacts User Privilege and DTML Security

Zope Weekly News has reported a problem with its security model that appears to be potentially pervasive and not necessarily Zope-specific. This is the first installation in a three-part series on Zope's efforts to rein in the trojan, which will . . . Zope Weekly News has reported a problem with its security model that appears to be potentially pervasive and not necessarily Zope-specific. This is the first installation in a three-part series on Zope's efforts to rein in the trojan, which will be further explored in LinuxNews.com later this week. According to Zope, the problem isn't necessarily an easy one to spot. "The issue involves a way that less privileged site users with the ability to edit DTML [content] could trick more privileged users into executing their content, taking actions on behalf of the higher privileged user that he did not intend (and may not even be aware of)."

The link for this article located at LinuxMall [LinuxToday] is no longer available.