[Zope] Why I must set security-property "Access contents information" to get Data from Database?

Patrick Ulmer ulmer at truckport.de
Thu Feb 10 02:44:17 EST 2005


>>I have protect my folder by using acl_users. But now I must allow access 
>>by anonymous to one DTML-Document. This document uses <dtml-in> to get 
>>data from my MySQL-Database. To allow acces I have to set the following 
>>security properties:
>>1. DTML-Document: View
>>2. Z-SQL-Method: Use Database Methods
>>3. Parent Folder: Access contents information
>>Is that right? 1 is for viewing HTML. 2 and 3 for access Database. I'm 
>>not realy sure, why I must set 3? Can somebody explain it?
>It allows you to access the parent folder.
>Without it, you get an "Unauthorized" when you handle
>the parent folder in any way in an untrusted context.

But if I only have a DTML-Document without <dtml-in> only the security 
property DTML-Cokument.View is necessary. Is that correct?


More information about the Zope mailing list