Hi! Leonardo Rochael Almeida wrote:
After the last two rather serious security issues that were recently patched in the Zope2 code base, it is increasingly clear to me that, differently than what Hanno reported some time ago, it's not so much the ZMI that represents a huge security liability in the Zope codebase, but it's actually the way the current publisher happily traverses any attribute and publishes any method with docstring by default.
Is that the fault of the publisher? AFAICT the biggest security problem of Zope2 is this line in OFS.SimpleItem.Item: # Allow (reluctantly) access to unprotected attributes __allow_access_to_unprotected_subobjects__=1 I'm not familiar with the details of the first hotfix, but the second one wouldn't have been necessary without that line. I propose to remove that line in Zope 4 and to add explicit security declarations where ever needed. The first part is easy, the second part a lot of work for many people. Cheers, Yuppie