Re: [Zope] security risk in "many authors" situation
On Sun, 6 May 2001 10:44:24 -0400 (EDT) you wrote:
IIRC, this is *not* the case at all --
Ah! I love being wrong about such things.
you 'run' a script w/the intersection of your privileges and those of the creator.
I did something earlier that lead me to assume that this was not the case, but I went back to verify it and I see that what you say is correct. My day is really looking up. If I had been right about that, I would have been in a world of hurt.
(Hence, why the superuser can't own objects.)
Of course. That makes perfect sense. Thank you for the correction! I'm sorry that I didn't check more today. I'll try to investigate my sleep-time conclusions a bit before I panic next time. --kyler
----- Original Message ----- From: "Kyler B. Laird" <laird@ecn.purdue.edu> To: "Joel Burton" <joel@scw.org> Cc: <zope@zope.org> Sent: Sunday, May 06, 2001 10:59 AM Subject: Re: [Zope] security risk in "many authors" situation
On Sun, 6 May 2001 10:44:24 -0400 (EDT) you wrote:
IIRC, this is *not* the case at all --
Ah! I love being wrong about such things.
This was a problem in Zope prior to 2.2. See http://www.zope.org//Members/jim/ZopeSecurity/ServerSideTrojan _____________________ Ron Bickers Logic Etc, Inc. rbickers@logicetc.com
participants (2)
-
Kyler B. Laird -
Ron Bickers