[Zope] Security Problems?

All, I've got a sneaking suspicion that there are some security problems in Zope 2.3.x. I've been trying to make a simple testcase and would like other (better) minds than mine to look at it. I have an external method which looks like: class c: def __init__(self,a): self.score=a self.test=a*a def t(self): retval=[] for a in range(1,10): retval.append(c(a)) return retval The class 'c' is a very simple class, it has no methods and only two attributes/properties 'score' and 'test'. The external method 't' is also very simple, it just returns an array of class 'c'. The dtml-method I'm using to access this array is as follows: <dtml-var standard_html_header> <dtml-in t> <dtml-var "_['sequence-item'].score"> </dtml-in> <dtml-var standard_html_footer> Nothing earth shattering there either. BUT, I get an unauthorized error raised with this traceback whenever I run this dtml-method: (note that a authentication login box is presented but NO user name is able to authenticate) Traceback (innermost last): File D:\ZOPE_T~1\lib\python\ZPublisher\Publish.py, line 223, in publish_module File D:\ZOPE_T~1\lib\python\ZPublisher\Publish.py, line 187, in publish File D:\ZOPE_T~1\lib\python\ZPublisher\Publish.py, line 171, in publish File D:\ZOPE_T~1\lib\python\ZPublisher\mapply.py, line 160, in mapply (Object: index_html) File D:\ZOPE_T~1\lib\python\ZPublisher\Publish.py, line 112, in call_object (Object: index_html) File D:\ZOPE_T~1\lib\python\OFS\DTMLMethod.py, line 189, in __call__ (Object: index_html) File D:\ZOPE_T~1\lib\python\DocumentTemplate\DT_String.py, line 538, in __call__ (Object: index_html) File D:\ZOPE_T~1\lib\python\DocumentTemplate\DT_In.py, line 717, in renderwob (Object: t) File D:\ZOPE_T~1\lib\python\DocumentTemplate\DT_Util.py, line 334, in eval (Object: _['sequence-item'].score) (Info: _) File <string>, line 0, in ? File D:\ZOPE_T~1\lib\python\DocumentTemplate\DT_Util.py, line 140, in careful_getattr File D:\ZOPE_T~1\lib\python\OFS\DTMLMethod.py, line 261, in validate (Object: index_html) File D:\ZOPE_T~1\lib\python\AccessControl\SecurityManager.py, line 144, in validate File D:\ZOPE_T~1\lib\python\AccessControl\ZopeSecurityPolicy.py, line 168, in validate Unauthorized: score All of this is run on a bog standard install of Zope 2.3.2 with no other products installed, no security changes done, REALLY bog standard. Anyone got any ideas? Cos this is doin my f'in ed in man?!?!?!?!?!? Phil phil.harris@zope.co.uk