At 22:27 29/08/99 , Kevin Dangoor wrote:
So, anyone can look at the content of a Z SQL Method or a DTML Method (and maybe document). Is it possible to look at any arbitrary property? I've been working under the assumption that there was no way for someone to view a property unless you give them access via a method or the management screens...
As I understand it, properties are not objects, and are therefor not traversable with URLs. They can only be referenced from within Zope, so they are, as far as I can see, safe. REQUEST for example is an object, so you can access it: http://www.zope.org/REQUEST Zope 2.0 gives you a nicer format: http://www.zope.org:18200/REQUEST This is very handy for debugging purposes. RESPONSE has not been yet created at the time of traversal, so that will give a not found error. -- Martijn Pieters, Web Developer | Antraciet http://www.antraciet.nl | Tel: +31-35-7502100 Fax: +31-35-7502111 | mailto:mj@antraciet.nl http://www.antraciet.nl/~mj | PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149 ------------------------------------------