16 Feb 2005, 6:04 p.m.
Chris Withers wrote at 2005-2-16 09:55 +0000:
... ZPublisher security checking only the traversed to object ... ... This feels like a pretty horrible security hole to me :-(
What do other people think?
I see it as a feature, not a bug. It allows one to have subsites less strictly protected than the upper layers. This is essential, as Zope makes it quite difficult to remove rights when going deeper into the hierarchy, while it is quite easy to add additional rights. That traversal itself is not security checked is not such a big problem, because when the application tries to access the ancestors from untrusted code, then security checks are performed.

-- Dieter
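The two behaviours under discussion, as a constructed Python model added here (this is not Zope's or ZPublisher's own code, and the class and function names, the role names and the path layout are assumptions made for illustration): publishing traverses the path without checking intermediate containers and checks only the object finally reached, while any attempt from "untrusted" code to reach an ancestor goes through a permission check. A strict variant that checks every container on the path is included to show why a subsite could not then be opened more widely than its parents.

```python
# Constructed model of traversal-time security checking, added as an example.
# It is not Zope code; Node/Unauthorized/publish/restricted_parent are assumed names.
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional


class Unauthorized(Exception):
    """Raised when the caller's roles do not grant View on an object."""


@dataclass
class Node:
    name: str
    # Roles granted View here; None means "inherit from the parent" (acquisition-like).
    view_roles: Optional[FrozenSet[str]] = None
    parent: Optional["Node"] = None
    children: Dict[str, "Node"] = field(default_factory=dict)

    def add(self, child: "Node") -> "Node":
        child.parent = self
        self.children[child.name] = child
        return child

    def effective_view_roles(self) -> FrozenSet[str]:
        """Walk upwards until a node states its own View roles."""
        node: Optional[Node] = self
        while node is not None:
            if node.view_roles is not None:
                return node.view_roles
            node = node.parent
        return frozenset()


def check_view(node: Node, user_roles: FrozenSet[str]) -> None:
    if not (node.effective_view_roles() & user_roles):
        raise Unauthorized(node.name)


def publish(root: Node, path: str, user_roles: FrozenSet[str]) -> Node:
    """Behaviour described in the thread: walk the path unchecked,
    then check only the object that was traversed to."""
    node = root
    for segment in path.strip("/").split("/"):
        if segment:
            node = node.children[segment]
    check_view(node, user_roles)
    return node


def publish_strict(root: Node, path: str, user_roles: FrozenSet[str]) -> Node:
    """Alternative: check every container on the way down as well."""
    node = root
    check_view(node, user_roles)
    for segment in path.strip("/").split("/"):
        if segment:
            node = node.children[segment]
            check_view(node, user_roles)
    return node


def restricted_parent(node: Node, user_roles: FrozenSet[str]) -> Optional[Node]:
    """Ancestor access from untrusted code: the parent is checked before it is handed out."""
    parent = node.parent
    if parent is None:
        return None
    check_view(parent, user_roles)
    return parent


def scenario():
    """Constructed layout: a Manager-only root with a subsite opened to Anonymous."""
    root = Node("root", view_roles=frozenset({"Manager"}))
    subsite = root.add(Node("subsite", view_roles=frozenset({"Manager", "Anonymous"})))
    subsite.add(Node("page"))  # no roles of its own: inherits the subsite's
    anon = frozenset({"Anonymous"})

    # Unchecked traversal lets the anonymous user reach the page inside the subsite.
    published = publish(root, "/subsite/page", anon).name

    # Reaching the root from untrusted code still hits the check on the root.
    try:
        restricted_parent(subsite, anon)
        parent_access = "allowed"
    except Unauthorized:
        parent_access = "denied"

    # With per-container checks the more open subsite becomes unreachable.
    try:
        publish_strict(root, "/subsite/page", anon)
        strict = "allowed"
    except Unauthorized:
        strict = "denied"

    return published, parent_access, strict


if __name__ == "__main__":
    print(scenario())
```

Running `scenario()` shows the page being served, the ancestor access being refused, and the strict variant refusing the whole request, which is the trade-off the reply is pointing at: unchecked traversal is what makes a less restricted subsite below a restricted parent possible, and the check on ancestor access is what keeps that from becoming a way around the parent's protection.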