[Zope-dev] Suggestion for small(?) change in BaseRequest.py.
Security effects?
Dieter Maurer
dieter at handshake.de
Thu Sep 2 17:01:03 EDT 2004
Lennart Regebro wrote at 2004-9-2 12:38 +0200:
> ...
>Are there any other problems with NOT raising an exception in
>unathorized(). Becuase if there is, we probably limit the possible
>challenge responses to a redirect, and then this change makes no difference.
If the traversal made any changes to persistent state, then
these changes are committed rather than aborted.
Usually, traversal should not change the persistent state -- but...
--
Dieter
More information about the Zope-Dev
mailing list