[Zope] Re: Security Hole in ZPublisher.BaseRequest.BaseRequest.traverse?

Dieter Maurer dieter at handshake.de
Thu Feb 17 14:21:44 EST 2005

Chris Withers wrote at 2005-2-17 09:22 +0000:
> ...
>Well, this does beg the question: is this how restrictedTraverse works? 
>If not, then why isn't restrictedTraverse used?

I already answered this question (implicitly) in an earlier

  ZPublisher cannot use "restrictedTraverse" because
  authentication happens only at the end of traversal.

  Up to this point, there is no user and
  "restrictedTraverse" is likely to fail.


More information about the Zope mailing list