[Zope3-dev] Re: [Z3d] 78/ 3 Comment "add.pt is viewable by anonymous despite Zope.ManageContent permission"

R. David Murray bitz@bitdance.com
Mon, 28 Oct 2002 19:56:35 -0500 (EST)


On Sun, 27 Oct 2002, Collector: Zope 3 ... wrote:
> It turns out that the factory for pages within named views was producing pages without a security proxy. When I added this back in, I discovered various bugs in how the permissions requirements are calculated. When I fixed those, various things became broken because of other omissions of security assertions and omissions of security wrapping, which had gone undetected due to the original problem.

This strikes me as a potentially fatal flaw in the security model!
I thought the idea was that in order for something to be accessible
through the web, it had to have a security proxy.  This sounds like
if trusted code forgets to wrap, data can potentially get
exposed.  And as we have seen with this case, it isn't obvious that
there's a security bug (this one was only detected because I used
a browser that is non-standards-compliant with respect to basic
auth credential presentment).

Shouldn't the publisher be refusing to publish anything without a
security proxy, just like Zope2 refuses to publish unwrapped objects?

--RDM
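
The fail-closed check proposed in the message above, as an added sketch that is not part of the original post and is not Zope code. `Proxy`, `Page`, the two factories and the two `publish_*` functions are hypothetical names for a toy model; only the permission name comes from the subject line.

```python
class Unauthorized(Exception):
    """Raised when publishing must be refused."""


class Page:
    """Stand-in for a page template such as add.pt (toy model)."""
    def __init__(self, body):
        self.body = body

    def render(self):
        return self.body


class Proxy:
    """Toy security proxy: checks one permission before delegating."""
    def __init__(self, obj, permission):
        self._obj = obj
        self._permission = permission

    def render(self, granted):
        if self._permission not in granted:
            raise Unauthorized(self._permission)
        return self._obj.render()


def buggy_factory(body):
    # Models the reported bug: trusted code forgets to wrap the page.
    return Page(body)


def fixed_factory(body):
    return Proxy(Page(body), "Zope.ManageContent")


def publish_fail_open(obj, granted):
    # Enforces permissions only when a proxy happens to be present,
    # so a missing wrapper silently disables the check.
    if isinstance(obj, Proxy):
        return obj.render(granted)
    return obj.render()


def publish_fail_closed(obj, granted):
    # Refuses anything unwrapped: a forgotten proxy becomes a visible
    # error instead of an exposure nobody notices.
    if not isinstance(obj, Proxy):
        raise Unauthorized("refusing to publish unproxied object")
    return obj.render(granted)
```

With the fail-closed publisher, the missing wrapper fails for every user, including authorized ones, so the omission surfaces in ordinary testing rather than only when an anonymous request happens to get through.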