Chris Withers wrote:
Well, okay, let me rephrase the question: Why is it bad for the bootstrap user to own anything? It used to be considered okay before Zope 2.2, so what has been changed/discovered that makes this now such a bad idea that despite loads of newbie pain and confusion, it's still worthwhile/necessary?

Objects used to execute according to the permissions of the AUTHENTICATED_USER or the proxy role. "Ownership" only applied (for execution purposes) if you explicitly set the proxy role to "Owner". This was a Very Bad Thing (tm) because once you authenticated as superuser you could view a random HTML page on the web/in your inbox that had a little javascript thingy that went and wiped out your entire site or <insert maliciousness here>.

Now every object executes according to the permission of the owner, *not* the viewer. It can also run as a proxy role. The super-bootstrap-user lives outside of "normal" zope authentication & has permission to do anything save that which NotEvenGodShouldDo. Therefore, it shouldn't own objects.

This is *quite* important, and needs to stay. I don't know how to emphasize enough that this is a well thought out correction to an extremely deadly class of security problems that still (afaik) plagues many "other" through-the-web management systems.

The newbie pain, however, could probably be mitigated - don't call it a Super user, since it hardly deserves the S or the cape. Have a user in the default install. Something like that. Patches accepted.

--
ethan mindlace fremen
Zopatista Community Liaison
Abnegate I!
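
A simplified Python model of the change described in this message, added here as an illustration and not taken from Zope or from the original post. The class and function names, the users and the permission sets are constructed for the example, and proxy roles are left out.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class User:
    name: str
    permissions: frozenset = frozenset()
    unrestricted: bool = False  # stands in for the bootstrap user

    def has(self, permission: str) -> bool:
        return self.unrestricted or permission in self.permissions

@dataclass
class Executable:
    needs: tuple                  # permissions the object's body exercises
    owner: Optional[User] = None

def set_owner(obj: Executable, user: User) -> None:
    """Refuse ownership by a user that bypasses every permission check."""
    if user.unrestricted:
        raise PermissionError(f"{user.name} may not own objects")
    obj.owner = user

def allowed_by_viewer(obj: Executable, viewer: User) -> bool:
    """Old model: the object runs with whatever the viewer may do."""
    return all(viewer.has(p) for p in obj.needs)

def allowed_by_owner(obj: Executable, viewer: User) -> bool:
    """New model: the viewer's rights are ignored, only the owner's count."""
    return obj.owner is not None and all(obj.owner.has(p) for p in obj.needs)

# Constructed sample data: a low-privilege author plants destructive content.
bootstrap = User("bootstrap", unrestricted=True)
author = User("author", frozenset({"View"}))
planted = Executable(needs=("View", "Delete objects"))
set_owner(planted, author)

def demo() -> dict:
    # Built directly to show what set_owner() exists to prevent.
    owned_by_bootstrap = Executable(needs=planted.needs, owner=bootstrap)
    return {
        "old model, bootstrap viewing": allowed_by_viewer(planted, bootstrap),
        "new model, bootstrap viewing": allowed_by_owner(planted, bootstrap),
        "new model, bootstrap as owner": allowed_by_owner(owned_by_bootstrap, author),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'runs' if ok else 'refused'}")
```

The third case is the reason for the ownership restriction: an object owned by an unrestricted user would run with no effective limit, whoever views it.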