10 Apr 2002, 2:12 p.m.
On Wed, 10 Apr 2002 01:30:56 +0300, Myroslav Opyr <myroslav@zope.net.ua> wrote:
> Is Anonymous able to get out of the shared object to secure environment?
User X is designated as a manager of folder /Xfolder. In today's Zope /Xfolder is a secure environment.... He has no authority over objects outside that folder, thanks to aq_inContextOf.

Can he create links to objects outside that folder? Links would be pretty useless if not. A common use case would be to create a link /XFolder/banner.gif to /stock_images/banners/mono.gif (for example).

However if that is allowed, he now has management rights over that image object. I don't see how 'hard links' can possibly avoid this problem.

Toby Dickenson
tdickenson@geminidataloggers.com
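The concern raised in this message, as an added example in a simplified Python model (not Zope code and not from the thread): authority is decided by whether the managed folder lies on the path used to reach an object, in the spirit of aq_inContextOf. The `Node` class and all function names are hypothetical.

```python
# Simplified model, not Zope's implementation. A user who manages a folder
# has rights over any object reached through that folder.

class Node:
    def __init__(self, name):
        self.name = name
        self.children = {}

    def add(self, name, node=None):
        # Passing an existing node gives it a second parent: a "hard link".
        node = node or Node(name)
        self.children[name] = node
        return node


def traverse(root, path):
    """Return the chain of nodes visited while resolving an absolute path."""
    chain = [root]
    for part in path.strip("/").split("/"):
        chain.append(chain[-1].children[part])
    return chain


def can_manage(root, path, managed_folder):
    """Containment check: is the managed folder on the access path?"""
    return any(node is managed_folder for node in traverse(root, path))


def build_site(with_link):
    """Constructed sample tree using the paths named in the message."""
    root = Node("")
    xfolder = root.add("Xfolder")
    image = root.add("stock_images").add("banners").add("mono.gif")
    if with_link:
        xfolder.add("banner.gif", image)  # same object, second parent
    return root, xfolder, image


if __name__ == "__main__":
    root, xfolder, image = build_site(with_link=True)
    for path in ("/stock_images/banners/mono.gif", "/Xfolder/banner.gif"):
        target = traverse(root, path)[-1]
        print(path, "same object:", target is image,
              "manager of Xfolder may manage:", can_manage(root, path, xfolder))
```

Both paths resolve to the same object, but only the path through the link passes the containment check, which is the situation the message describes.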