[Zope-dev] strange priv leak

Jamie Heilman jamie@audible.transient.net
Sun, 18 May 2003 18:38:46 -0700


Lately I've been noticing that http://host/zopeobject/manage_options
is accessible TTW with no privileges.  Unless I'm on crack, it wasn't
always like this.  I've been trying to figure out what changed and the
only thing I can discern is that it may be related to using python
2.2.  I've seen it happen with 2.6.1 & python 2.2, and I've seen it
happen with HEAD & python 2.2, but never 2.6.1 & python 2.1.3.  Can
anyone else corroborate this?  Even better, does anyone else know how
to fix it?  I'm wondering if there's more hanging out in the open than
just some attributes here and there.

-- 
Jamie Heilman                   http://audible.transient.net/~jamie/
"We must be born with an intuition of mortality.  Before we know the words
 for it, before we know there are words, out we come bloodied and squalling
 with the knowledge that for all the compasses in the world, there's only
 one direction, and time is its only measure."		-Rosencrantz