[Zope] Re: restricting permissions for direct access only

Chris Withers chris at simplistix.co.uk
Thu Feb 16 03:27:43 EST 2006

Tres Seaver wrote:
> The prior behavior (allowing users to access protected resources "above"
> the domain of their user folders) was a security hole caused by a bug,
> and was never documented as allowable:  correcting it was a matter for a
> rather urgent fix, as it broke the explicitly-documented model.

I don't think that's what Michael and I were commenting on...

IIRC, if you had scripta calling scriptb, you used to be able to give 
scripta a proxy role and scriptb would also execute with that role. 
However, again IIRC, in current Zope releases, if you give scripta a 
proxy role, when it calls scriptb, scriptb will just run with the roles 
of the current user.

Have I got this right? If so, I wonder why the change was made...


Simplistix - Content Management, Zope & Python Consulting
            - http://www.simplistix.co.uk

More information about the Zope mailing list