[Zope-dev] Security still wierd
Joachim Werner
joe@iuveno-net.de
Wed, 1 Aug 2001 20:01:12 +0200
> Supposedly, setting __allow_access_to_unprotected_subobjects__ = 0
I **might** have found an answer to this:
Found here: http://www.zope.org/Members/karl/MyWiki/PublishNotes
" - tries to get __allow_access_to_unprotected_subobjects__ if not there
this can be true, in which case access is granted, or a dict, in which case
we grant if the value for the key of the object's name is true, or a
callable object, in which case we grant if the function called with the name
and the value (?) returns true."
Seems that "__allow_access_to_unprotected_subobjects__ = 0" is wrong. It
should either be "1" or a dictionary of permissions ...
Does that help a bit?
Joachim