29 Aug 1999, 8:43 a.m.
Martijn Pieters wrote:
> There are two methods, one of which is (to me) a very serious security breach: document_src (for which you need the View management screens permission), and PrincipiaSearchSource, for which you do not need any permissions at all. At any Zope2 site, I can add /PrincipiaSearchSource to the URL and see the source of that DTML Method/Document.
> I just discovered this, and will report it to the Collector.

Are you sure? I tried this in the Zope beta site and I didn't manage to view the source of any page.

-- Itamar - itamars@ibm.net