-----Original Message----- From: Anthony Baxter [mailto:anthony@interlink.com.au] Sent: Tuesday, January 04, 2000 6:27 PM To: Michel Pelletier Cc: zope-dev@zope.org Subject: Re: [Zope-dev] feedback wanted on ZCatalog changes...
do you think? Can you reproduce a security violation with your patch?
Nope. Not in my application. In _theory_ I can see that you could have a security problem if you weren't aware that the indexing occurs in the context running the findandapply request - but then, it does already (see above). Heck, you could even make it a toggle option in the page 'index acquired objects'.
Ok, this is a good compromise. I'll put a checkbox on the find form and add some logic to the find method to either acquire or not.
[*1] go to www.ekit.com, sign up for an account (about 3 clicks) then click on 'help'. The tree on the left is populated from ZCatalog searches, which amongst other thing only show help for the stuff your account is able to do, the search box is a textindex of the files (which, again, only searches the help for stuff your account can do), and the lookup of a help document (like, when you click on a help link) will hit the ZCatalog to look up the file's path. The help files themselves are maintained by a non-techie in dreamweaver, and uploaded into zope. ZCatalogs rock :)
Thanks! -Michel