[Zope3-dev] Permission granularity/permission groups
Jim Fulton
jim at zope.com
Mon Feb 14 10:35:21 EST 2005
Chris Withers wrote:
> Jim Fulton wrote:
>
>>> supposedly being the case in Zope 2, but hey, everything subclasses
>>> SimpleItem, and SimpleItem says "all your base are belong to us" ;-)
>>
>>
>> I've never seen a claim that Zope 2 was "deny by default".
>
>
> From
> http://www.zope.org/Documentation/How-To/ProductAuthorUpdateGuide/index_html:
>
>
> "The new Zope security policy in 2.2 by default denies access to objects
> that are not explicitly protected."
I'm 98% sure that that is incorrect. Those changes made it
*possible* to deny by default, however, unfortunately, the
standard base classes are still allow by default for backward-
compatibility reasons.
Jim
--
Jim Fulton mailto:jim at zope.com Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
More information about the Zope3-dev
mailing list