On Thu, 30 May 2002, Chris Withers wrote:
> > People will be really confused to see such results:
> > http://www.zope.org/Documentation/ZopeBook/Documentation
> > http://www.zope.org/Images
>
> Why would they see such URLs?

Normally they would not. But if I know such a site is managed by Zope, I can easily find such a URL with dead loops. I don't know how search engines like Google handle this situation; at least it will cause unnecessary traffic to the site once a bad guy just simply publishes the URL on their own page.

I'm a little bit new to Zope. I don't yet have a lot of my own objects created under Zope. But I think there might be some objects like methods or scripts that are URL-sensitive. It will add lots of tasks to the script itself to filter off unexpected request URLs to avoid generating errors that may turn into security holes.

> > Is there a way to set up an object to be uninheritable or as private to avoid this logic? Or maybe we should work out a way to do so.
>
> If you're interested, take a look at Zope 3. However, in your case, you probably need to worry more about why you're generating URLs like the ones above rather than the fact that it is possible to do so.

Hackers everywhere. :)

Wei He
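
The looping URLs discussed in this thread, as an added example that is not part of the original messages and is not Zope's own code: a simplified model of acquisition-style traversal, with a check that compares the requested path against the resolved object's physical path and redirects to the single canonical URL when they differ. The `Node` class, the function names, the sample tree and the status-code policy are all assumptions made for illustration.

```python
# Simplified model of acquisition-style traversal (assumption: not Zope's code).
class Node:
    def __init__(self, name, parent=None):
        self.name, self.parent, self.children = name, parent, {}
        if parent is not None:
            parent.children[name] = self

    def physical_path(self):
        """Path through real containers only, ignoring how the object was reached."""
        parts, node = [], self
        while node.parent is not None:
            parts.append(node.name)
            node = node.parent
        return "/" + "/".join(reversed(parts))


def traverse(root, url_path):
    """Resolve each segment; a name the current object lacks is acquired from its containers."""
    current = root
    for name in filter(None, url_path.split("/")):
        lookup = current
        while lookup is not None and name not in lookup.children:
            lookup = lookup.parent
        if lookup is None:
            return None
        current = lookup.children[name]
    return current


def check_request(root, url_path):
    """Return (status, canonical_path); status codes are this example's policy."""
    obj = traverse(root, url_path)
    if obj is None:
        return (404, None)
    canonical = obj.physical_path()
    requested = "/" + "/".join(filter(None, url_path.split("/")))
    if requested != canonical:
        return (301, canonical)  # reached only via acquisition: send to the one real URL
    return (200, canonical)


# Constructed sample tree mirroring the URLs in the thread.
ROOT = Node("")
DOCS = Node("Documentation", ROOT)
BOOK = Node("ZopeBook", DOCS)
IMAGES = Node("Images", ROOT)

if __name__ == "__main__":
    print(check_request(ROOT, "/Documentation/ZopeBook/Documentation"))
```

Sites that acquire methods or templates on purpose would apply such a check only to content objects, since a blanket redirect would break that intended use.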