
A Note on Security

It takes extra steps to secure a database connection and SQL methods.

Steve McMahon

A step-by-step lesson in using PloneFormGen to read, insert and update rows in a single SQL table.
Page 6 of 6.

If this is the first time you've worked with a Zope database connection, there's an important security point you may not have considered:

Zope Database Connections and Z SQL Methods are not part of the Plone workflow.

This means you cannot rely on the Plone content workflow to secure these connections and methods. You must use the Zope security mechanisms directly to control who can access them.

This is also true of Python scripts and other Zope-level objects you might create via the ZMI, but Zope provides a security safety net for most of those. There is no such automatic safety net for methods that reach an external RDBMS.

The easiest way to do this is to open the top-most folder of your form in the ZMI and use its Security tab. Look in particular at the Use Database Methods permission, and make sure it is not granted to any role that should not be able to read or update your external database.
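The same check can be scripted. The following is an added example, not code from the tutorial: it uses the two RoleManager methods that Zope folders expose, rolesOfPermission() and manage_permission(), to list which roles hold Use Database Methods and to cut the permission back to the roles you intend. The MinimalFolder class is a constructed stand-in with those two methods so the logic runs outside Zope; on a real site you would pass the form folder itself.

```python
USE_DB_METHODS = "Use Database Methods"


def roles_with_permission(folder, permission=USE_DB_METHODS):
    """Return the set of roles that currently hold `permission` on `folder`."""
    return {
        entry["name"]
        for entry in folder.rolesOfPermission(permission)
        if entry["selected"]  # Zope marks granted roles with 'SELECTED'
    }


def audit(folder, allowed_roles=("Manager",), permission=USE_DB_METHODS):
    """Return roles holding `permission` that are not in `allowed_roles`.

    An empty result means no unintended role can reach the external database.
    """
    return sorted(roles_with_permission(folder, permission) - set(allowed_roles))


def restrict(folder, allowed_roles=("Manager",), permission=USE_DB_METHODS):
    """Grant `permission` only to `allowed_roles` and stop acquiring the setting
    from parent folders (acquire=0), so a permissive parent cannot silently
    widen access. Returns the roles that lost the permission."""
    removed = audit(folder, allowed_roles, permission)
    folder.manage_permission(permission, roles=list(allowed_roles), acquire=0)
    return removed


class MinimalFolder:
    """Constructed stand-in mimicking the two RoleManager methods used above."""

    ROLES = ("Anonymous", "Authenticated", "Manager", "Member", "Owner")

    def __init__(self, granted, acquire=True):
        self.granted = {perm: set(roles) for perm, roles in granted.items()}
        self.acquire = acquire  # real Zope acquires permission settings by default

    def rolesOfPermission(self, permission):
        held = self.granted.get(permission, set())
        return [{"name": r, "selected": "SELECTED" if r in held else ""}
                for r in self.ROLES]

    def manage_permission(self, permission_to_manage, roles=(), acquire=0):
        self.granted[permission_to_manage] = set(roles)
        self.acquire = bool(acquire)


if __name__ == "__main__":
    # Constructed case: the permission has leaked to Member and Authenticated.
    form = MinimalFolder({USE_DB_METHODS: {"Manager", "Member", "Authenticated"}})
    print("over-granted roles:", audit(form))   # ['Authenticated', 'Member']
    print("removed:", restrict(form), "remaining:", audit(form))  # [] after fix
```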

by Steve McMahon last modified January 15, 2007 - 00:49
