7 Sep 2000, 7:49 p.m.
ethan mindlace fremen writes:
> Now every object executes according to the permission of the owner, *not* the viewer. It can also run as a proxy role. The super-bootstrap-user lives outside of "normal" Zope authentication & has permission to do anything save that which NotEvenGodShouldDo. Therefore, it shouldn't own objects.

Am I really expected to understand this "Therefore"? In fact, I do not!

Does it mean that a Superuser can execute any method with *ITS* privileges and not the intersection of its privileges with the owner's privileges? I hope (and expect) not!

Why is it much worse when an object is owned by Superuser than by a manager? What are the differences with respect to the Trojan Horse or other security issues?

Dieter