You are not logged in Log in Join
You are here: Home » Members » Tres Seaver's Zope.org Site » Zope Security Audit » Zope Security Audit Script Released

Log in
Name

Password

 

Zope Security Audit Script Released

Overview

Zope's fine-grained security model is powerful, but hard to manage. This tool gives the system administrator an overview of the security status of the site, by searching for "exceptions" to the default / acquired behavior. In particular, it flags all objects which meet have any of these criteria:

  • Local role assigments;
  • Proxy roles;
  • Overridden permission mappings;
  • Executable ownership which differes from the ownership of the 'aq_parent';
  • Owner local roles which don't include the executable owner (leave out System Processes for unowned).

The product includes a screenshot, showing a sample report.

Updated Version

Version 0.2 contains two important fixes (I recommend removing and reinstalling):

  • Add exception handling for items which raise errors during tweak construction (thanks to Wolfgang Strobl for pointing this out!)
  • Modify both showTweaks and allTweaks to be usable only with Manager role (thanks to Joel Burton for pointing this out!)