Exactly, the fact that I could still access them is what caused me to abandon the feature 4 weeks ago not realizing the other effect. Trust me, I have likely read that element of the ZDG 5 times if not more. Although I believe in RTFM, with something as esoteric as Zope you gotta lighten up. Zope needs a mentoring program. The docs just aren't there yet. It honestly was not my intention to threaten anything. I was simply scared that I was going to have to jump ship with only a week and a half to go. Hmmm... my class was explicitly inheriting SimpleItem.SimpleItem so I wouldn't have to bother with the order in which I inherited. Another Zope lesson learned. Unfortunately, I only have some much cranial capacity to spare. I'm afraid I am going to have to drop a few birthdays and an anniversary to make room. Scott -----Original Message----- From: Chris Withers [mailto:chrisw@nipltd.com] Sent: Tuesday, May 21, 2002 8:02 AM To: Pierce, Scott Cc: 'zope@zope.org' Subject: Security Assertions, maybe time to change SimpleItem?! "Pierce, Scott" wrote:

OK, I'll publicly humilate myself now.

Not entirely, other than not really reading the bit about security in the ZDG ;-)

my own oversight. I incorrectly believed that having turned off permission acquisition and limiting 'View' access to a few select roles would be sufficient regarding DTMLFiles.

I assume you're developing a Python Product here? The answer is that it probably should, but you got caught out by a peice of history. It is documented that if you make no security assertions about a method in a python product that nothing will be able to access them, which is what you should have been experiencing, and which would have told you much more quickly that you had forgotten to make any security assertions. However, this policy was only(?!) introduced back in Zope 2.2 and so, for fear of breaking lots of code, a class called SimpleItem has an __access_unprotected_subobjects__=1 assertion. This basically makes unprotected stuff anonymously viewable, which was the old policy. Sadly, prettymuch everything subclasses SimpleItem, so the documented security policy isn't realyl adhered to much, hence when you forgot to make security assertions, the methods became anonymously viewable, which, from your poitn of view, sux ass.

I believe, and am not completely sure, that this is not the case because they are global having been 'instatiated' via: index_html = DTMLFile('index_html', globals()) within a product.

...so this isn't quite correct.

frustration/desperation as inappropriate. Zope can be a dark mistress.

...some would say a complete bitch ;-) Maybe it's time to change that assertion in SimpleItem and finally break all the code that peopel should have fixed long ago? cheers, Chris