Chris Withers writes:
Dieter Maurer wrote:
At least in Zope 2.2.1, "aq_base" was not exposed to DTML.
....and I don't think it ever would or should be sicne it strips off all security context and would probably let you do 'bad things' :-S I do not think, an object without any acquisition (and security) context is a big security risk. The lack of a security context means, that the default security setting built into the Zope security policy is used. In Zope 2.2.2., this means, only "Manager" can do anything, unless the object itself mapped some permissions itself to roles (which then remain valid even for the base object).
However, I see another danger. As old (now fixed) bugs in "ZopeFind" have demonstrated, objects stripped of their acquisition context lead to very strange errors, where suddenly even Manager cannot use the object any more. Thus, I agree that "aq_base" should not be exposed, even if for a different reason. Dieter