[Zope] Is there any way to turn off the publishing of externalmethods to the web in Zope?

Jonathan dev101 at magma.ca
Fri Jan 26 14:29:34 EST 2007


----- Original Message ----- 
From: "Mark, Jonathan (Integic)" <jonathan.mark at integic-hc.com>
To: "Jonathan" <dev101 at magma.ca>; <zope at zope.org>
Sent: Friday, January 26, 2007 2:32 PM
Subject: RE: [Zope] Is there any way to turn off the publishing of 
externalmethods to the web in Zope?


> Using a proxy role on the calling Python Script worked. My guess is that a 
> clever hacker could call the Python Script continually and then create a 
> race condition that would permit him to call the External Method directly 
> in a URL, thus passing the External Method his own malicious parameters.

That's why i suggested, in an earlier response, a URL test within the 
external method.


Jonathan 



More information about the Zope mailing list