Duh.. you are right. It is vulnerable to several possible attacks-- a backdoor access controlling environment variable, explicit deletion through the ZMI (I think that'll work--but I've not tried), and so forth.

Maybe you can propose a better solution. I have material which is to be revealed only at the right time and place. For example, tests and their answers. Our authentication is for the role and we (try to) manage access control on the other parameters explicitly in Zope code. How do we prevent end-round access?

On Fri, 30 Apr 2004, Jamie Heilman wrote:
Dennis Allison wrote:
Suppose I have pages stored in a folder structure rooted at /foo. The view security permission on /foo/... requires an Authenticated User. Normally pages are served from /foo/... under programmatic control and additional constraints are applied. But, if the user creates another browser window and if he/she knows the URL (or the root URL) they can move about /foo/... however they want by simply entering the URL into the browser. (This works because they are authenticated and the authentication is shared in the browser.)
So, why is that a problem? You can't stop that with access rules anyway, you can't stop anything with access rules, users can choose to disable them on a whim.
--
Jamie Heilman http://audible.transient.net/~jamie/
"I was in love once -- a Sinclair ZX-81. People said, "No, Holly, she's not for you." She was cheap, she was stupid and she wouldn't load -- well, not for me, anyway." -Holly