[Zope-Coders] Re: [Zope-dev] Speaking of 2.6...
Toby Dickenson
tdickenson@geminidataloggers.com
Wed, 10 Apr 2002 15:12:19 +0100
On Wed, 10 Apr 2002 01:30:56 +0300, Myroslav Opyr
<myroslav@zope.net.ua> wrote:
>Is Anonymous able to get out of the shared
>object to secure environment?
User X is designated as a manager of folder /Xfolder. In today's Zope
/Xfolder is a secure environment.... He has no authority over objects
outside that folder, thanks to aq_inContextOf.
Can he create links to objects outside that folder?
Links would be pretty useless if not. A common use case would be to
create a link /XFolder/banner.gif to /stock_images/banners/mono.gif
(for example).
However if that is allowed, he now has management rights over that
image object.
I don't see how 'hard links' can possibly avoid this problem.
Toby Dickenson
tdickenson@geminidataloggers.com
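
The problem described in the message above, as an added illustration that is not part of the original post and is not Zope's code: a toy Python model in which a user's roles are collected along the path used to reach an object, so a hard link placed in /Xfolder makes X a manager of the shared image. The Node class and the helper functions are hypothetical; only the folder and file names come from the message.

```python
# Toy model (an assumption, not Zope's implementation): local roles are
# resolved by walking the chain of containers an object was reached through.

class Node:
    def __init__(self, name, local_roles=None):
        self.name = name
        self.children = {}
        self.local_roles = local_roles or {}  # user id -> set of role names

    def add(self, name, node):
        self.children[name] = node
        return node


def traverse(root, path):
    """Return the chain of nodes visited for a path like '/Xfolder/banner.gif'."""
    chain = [root]
    for part in filter(None, path.split("/")):
        chain.append(chain[-1].children[part])
    return chain


def roles_in_context(user, chain):
    """Union of the local roles granted to user on every node in the chain."""
    roles = set()
    for node in chain:
        roles |= node.local_roles.get(user, set())
    return roles


def can_manage(user, root, path):
    return "Manager" in roles_in_context(user, traverse(root, path))


def build_site():
    root = Node("")
    # X is a manager of /Xfolder only.
    xfolder = root.add("Xfolder", Node("Xfolder", {"X": {"Manager"}}))
    banners = root.add("stock_images", Node("stock_images")).add("banners", Node("banners"))
    image = banners.add("mono.gif", Node("mono.gif"))
    return root, xfolder, image


def demo():
    root, xfolder, image = build_site()
    before = can_manage("X", root, "/stock_images/banners/mono.gif")
    xfolder.add("banner.gif", image)  # hard link: same object, second parent
    via_link = can_manage("X", root, "/Xfolder/banner.gif")
    same_object = traverse(root, "/Xfolder/banner.gif")[-1] is image
    return before, via_link, same_object
```
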