Jens Vagelpohl wrote at 2005-11-20 19:01 +0100:
> ... IMHO proxy roles should be used extremely sparingly, if at all. They are a last resort and I personally never use them. Matter of fact I believe having to use them means the application design could use some improvement...
> If something needs to be done with elevated privileges it should be in filesystem product code or, if that is not feasible, in an external method. At least that's my philosophy ;)
You have lost the thread's start: George's problem has been that he could not move an object in an *EXTERNAL METHOD*, i.e. in trusted filesystem code. He would have the same problem in a filesystem product.

The problem is that "CopySupport" performs a local security check (in "_verifyObjectPaste") independent from its caller (it does not matter whether the rename/move/copy was called from trusted or untrusted code).

With appropriate proxy roles, an untrusted Python Script can perform some rename/move/copy that trusted code is unable to perform. I assume you can agree that this is a somewhat insane situation...

--
Dieter
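
The situation described in the message above, as a toy model added here for illustration; it is not Zope's code and not from either poster. All class and function names, the roles assigned and the folder policy are hypothetical; the model assumes that proxy roles on the running script replace the user's roles for the duration of the call.

```python
# Toy model of a caller-independent local security check; not Zope's code.
# Every class, function, role assignment and policy here is hypothetical.

class Unauthorized(Exception): pass

class SecurityManager:
    def __init__(self, user_roles):
        self.user_roles = set(user_roles)
        self.stack = []  # executables that are currently running
    def effective_roles(self):
        # Proxy roles on the innermost executable replace the user's roles.
        if self.stack and self.stack[-1].proxy_roles:
            return set(self.stack[-1].proxy_roles)
        return self.user_roles

class Script:
    # Untrusted through-the-web script, optionally carrying proxy roles.
    def __init__(self, func, proxy_roles=()):
        self.func, self.proxy_roles = func, set(proxy_roles)
    def __call__(self, sm, *args):
        sm.stack.append(self)
        try:
            return self.func(sm, *args)
        finally:
            sm.stack.pop()

class Folder:
    def __init__(self, roles_allowed_to_move):
        self.allowed, self.items = set(roles_allowed_to_move), {}
    def move_out(self, sm, name):
        # Local check: looks only at effective roles, never at caller trust.
        if not (sm.effective_roles() & self.allowed):
            raise Unauthorized(name)
        return self.items.pop(name)

def attempt(call, sm, folder):
    try:
        call(sm, folder)
        return "moved"
    except Unauthorized:
        return "Unauthorized"

def run_demo():
    sm = SecurityManager({"Member"})       # constructed user
    folder = Folder({"Manager"})           # constructed policy
    folder.items["doc"] = "content"
    move = lambda sm, f: f.move_out(sm, "doc")
    trusted = attempt(move, sm, folder)    # direct call, like filesystem code
    script = attempt(Script(move, {"Manager"}), sm, folder)
    return {"trusted_code": trusted, "script_with_proxy_roles": script}
```
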