Michel Pelletier wrote:
-----Original Message----- From: Anthony Baxter [mailto:anthony@interlink.com.au] Sent: Tuesday, January 04, 2000 6:27 PM To: Michel Pelletier Cc: zope-dev@zope.org Subject: Re: [Zope-dev] feedback wanted on ZCatalog changes...
do you think? Can you reproduce a security violation with your patch?
Nope. Not in my application. In _theory_ I can see that you could have a security problem if you weren't aware that the indexing occurs in the context running the findandapply request - but then, it does already (see above). Heck, you could even make it a toggle option in the page 'index acquired objects'.
Ok, this is a good compromise. I'll put a checkbox on the find form and add some logic to the find method to either acquire or not.
May I suggest another checkbox to enable indexing on a rendered value? the combination of these two enhancements would let you create a single textindex on an acquired method that aggregated several diferent attributes, for example 'title', 'Content', 'Answer', etc. by using an acquired, rendered value, you could standardize on a single index, and just override the method where appropriate in your hierarchy. Michael Bernstein. -- ------------------------------------------- Michael Bernstein webmaven@SPORKlvcm.com FIAWOL {Fandom Is A Way Of Life} http://www.fiawol.com ------------------------------------------- Remove the KFC utensil to reply.