Hi, With all the talk of security and Zope 2.2 I thought I'd throw this one into the post again: How come you can browse things like the objectIds and objectValues methods through the web? Surely this is exposing information that people shouldn't really know about? For example, check out: http://www.zope.org/objectIds While I'm at it, is there any way to make DTML methods accessible to objects (such as other DTML methods) but not through URLs other than by a tortuous series of proxy roles? I've expressed views about an 'execute' permission in the past but these have fallen on deaf ears. For example: http://www.codecatalog.com/standard_html_footer This is messy and there's no reason why it needs to be exposed through a URL. cheers, Chris