26 Jan 2007, 7:29 p.m.
----- Original Message -----
From: "Mark, Jonathan (Integic)" <jonathan.mark@integic-hc.com>
To: "Jonathan" <dev101@magma.ca>; <zope@zope.org>
Sent: Friday, January 26, 2007 2:32 PM
Subject: RE: [Zope] Is there any way to turn off the publishing of externalmethods to the web in Zope?

Using a proxy role on the calling Python Script worked. My guess is that a clever hacker could call the Python Script continually and then create a race condition that would permit him to call the External Method directly in a URL, thus passing the External Method his own malicious parameters.

That's why I suggested, in an earlier response, a URL test within the external method.

Jonathan