4 Aug
2001
4 Aug
'01
10:35 p.m.
Yes, as users can call a Method A, which they shouldn't be able to call via the publisher because it's defined in a place where they shouldn't be able to get to it, given that they have a Role X in the place they're defined, and Method A is protected also by a permission granted to role X. ----- Original Message ----- From: "Chris Withers" <chrisw@nipltd.com> To: "Chris McDonough" <chrism@zope.com>; <zope@zope.org> Sent: Saturday, August 04, 2001 5:19 PM Subject: Re: [Zope] ATTN: Zope Security Alert
http://www.zope.org/Products/Zope/Hotfix_2001-08-04/README.txt
Does this problem affect Zope setups where semi-trusted users are _not_ allowed to edit TTW code?
cheers,
Chris