[Zope] Re: Security Hole in
dieter at handshake.de
Thu Feb 17 14:21:44 EST 2005
Chris Withers wrote at 2005-2-17 09:22 +0000:
>Well, this does beg the question: is this how restrictedTraverse works?
>If not, then why isn't restrictedTraverse used?
I already answered this question (implicitly) in an earlier
ZPublisher cannot use "restrictedTraverse" because
authentication happens only at the end of traversal.
Up to this point, there is no user and
"restrictedTraverse" is likely to fail.
More information about the Zope