[zope2-tracker] [Bug 142399] Re: hasattr_unacquired

Tres Seaver tseaver at palladion.com
Sat May 15 18:52:58 EDT 2010


Enabling tests from untrusted code on objects whose acquisition context
has been stripped is problematic, because the security machinery needs
the context to verify that the user is defined within the same "authentication
zone" as the object:  if the stripped object has the attribute in its dict, but the
user would not be allowed to access that attribute, what should the proposed
helper function return?

** Changed in: zope2
   Importance: Medium => Low

** Changed in: zope2
       Status: Confirmed => Triaged

-- 
hasattr_unacquired
https://bugs.launchpad.net/bugs/142399
You received this bug notification because you are a member of Zope 2
Developers, which is subscribed to Zope 2.


More information about the zope2-tracker mailing list