Andy McKay wrote:
Well if an anonymous user was allowed access to none of your site except standard_error_message that would sound like a security hole some person with a warped mind on these issues could use.
I don't think so... the site designer just has to remember that object is anonymously viewable, as with any other anonymously viewable object. If it's not anonymously viewable, fair enough, throw the hard coded error _saying_ standard_error_message wasn't viewable by anonymous...
Sure I suppose. How of course to implement this is another issue, as errors get thrown up to /lib/python/ZPublisher/HTTPResponse.py and it would be get to trap them before then. But Im just coming off your last suggestion regarding exporting folders with no subobjects and dont want to dive back into Zope internals until my brain has stopped hurting :)
...besides, telling them the path where Zope is installed on your server, which the error message does, is probably a much worse security 'hole'.
I don't like the way Zope does this for _all_ standard_html_error's, especially as it tacks the error on the end of the HTML in production mode, thus generating technically incorrect HTML (I think? ;-)
Absolutely, not just that its incorrect HTML, but also that it can expose implementation issues such as oh that site GUF, I know a hole there...
cheers,
Chris