"Pierce, Scott" wrote:

OK, I'll publicly humilate myself now.

Not entirely, other than not really reading the bit about security in the ZDG ;-)

my own oversight. I incorrectly believed that having turned off permission acquisition and limiting 'View' access to a few select roles would be sufficient regarding DTMLFiles.

I assume you're developing a Python Product here? The answer is that it probably should, but you got caught out by a peice of history. It is documented that if you make no security assertions about a method in a python product that nothing will be able to access them, which is what you should have been experiencing, and which would have told you much more quickly that you had forgotten to make any security assertions. However, this policy was only(?!) introduced back in Zope 2.2 and so, for fear of breaking lots of code, a class called SimpleItem has an __access_unprotected_subobjects__=1 assertion. This basically makes unprotected stuff anonymously viewable, which was the old policy. Sadly, prettymuch everything subclasses SimpleItem, so the documented security policy isn't realyl adhered to much, hence when you forgot to make security assertions, the methods became anonymously viewable, which, from your poitn of view, sux ass.

I believe, and am not completely sure, that this is not the case because they are global having been 'instatiated' via: index_html = DTMLFile('index_html', globals()) within a product.

...so this isn't quite correct.

frustration/desperation as inappropriate. Zope can be a dark mistress.

...some would say a complete bitch ;-) Maybe it's time to change that assertion in SimpleItem and finally break all the code that peopel should have fixed long ago? cheers, Chris