If it is an issue for XML-RPC users, maybe there should be a "Traversable" permission on Folder objects that could default to not allowing web-traversal, but allowing it to be enabled if desired. Would this affect FTP access to folders?
-Paul
Brian Lloyd wrote:
This is something that has come up before. I propose that the real problem here is that 'objectIds' should not be web-traversable.
I have, in fact, proposed this before. It caused a bit of grumbling among people using xml-rpc, who were using objectIds remotely, so we never came to closure on it.
This comes up often enough that I'm inclined to do something about it for 2.3. I propose that objectIds (and objectValues) will not be directly accessible via the Web in 2.3. For xml-rpc applications, it should be a simple enough task to create a Python Script (or even a DTML Method) that *is* Web accessible to relay that information if it is needed.
Thoughts?
Brian Lloyd brian@digicool.com
Software Engineer 540.371.6909
Digital Creations http://www.digicool.com
--
Paul Erickson | erickson@kaivo.com
Kaivo, Inc. | www.kaivo.com