[Zope-dev] New security model and products breaking zope management
Bill Anderson
bill@libc.org
Mon, 26 Jun 2000 15:20:40 -0600
"R. David Murray" wrote:
>
> OK, I've stared at this for a couple days and have not made any progress.
> Perhaps others will have some insights.
>
> Zope 2.2.0b2, clean install. Works fine. Add EMarket. Now the
> management is broken. Accessing the base URL of the site with
> /manage_main appended gives you the file list view of the root
> folder, with no prompt for authentication. Accessing /manage
> prompts for a login, but the right panel view is the import/export
> screen and not the folder list. There's other weird stuff, like
> a key error on "a_", which appears to be temporary variable used
> in one of the DTML management pages.
>
> I've read Brian's 2.2 product security update, and it looks to me like
> EMarket is Doing the Right Thing (though I haven't checked completely for
> unprotected methods yet), which makes sense since it was a working
> product <grin>.
>
> I have a private report that eTailor also has this problem, but haven't
> tested it myself.
If I am not the source of that report, chalk up another one for the
tally.