[Zope] external methods returning objects

[Dieter Maurer]

Stephan Herschel writes:
 > I've just tried to return a python-object from an external method and to
 > use this from inside zope. I tried to call a method of this object, and
 > funnily no error appeared but i was prompted for authentication again.
 > Does this make sense? Is there a workaround?
In order to access any class instance from untrusted code,
the class must have security declarations.

Read Brian's excellent "Zope 2.2 Security" paper (--> Zope.org).
While the security declarations have been made nicer with Zope 2.3,
the old declarations still work.

Maybe the Zope book describes the modern security declarations.
If not, you surely will find them in the Zope developper guide
(--> Zope.org).


Dieter