[Zope-CMF] Re: [dev] CMF 2.0 browser views and Five traversal

yuppie y.2006_ at wcm-solutions.de
Wed Mar 8 17:14:59 EST 2006


Paul Winkler wrote:
> On Wed, Mar 08, 2006 at 10:52:09PM +0100, yuppie wrote:
>> You could access the edit view with 'edit.html' instead of 
>> '@@edit.html', but that has a major drawback: View names are not 
>> protected in any way if used without '@@'. You can easily screw up your 
>> site by adding content with the ID 'edit.html'.
> 
> Could you elaborate?  Does "not protected" mean that security
> is bypassed??? or what?

Sorry. I thought the context made clear what I meant. Protected against 
overriding. Any user who is allowed to add content can override them 
with content objects.

Cheers, Yuppie
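
A simplified model of the name lookup discussed in this message, added here as an illustration and not taken from the thread or from Zope/Five code. The `Folder` class, its lookup order (content before views for bare names, as the message implies) and the `checked_add` guard are assumptions made for the example.

```python
# Simplified model of one traversal step (illustrative, not Zope/Five code).

class Folder:
    def __init__(self, views):
        self.views = dict(views)   # view name -> callable, registered by developers
        self.items = {}            # content ID -> object, added by users

    def add_content(self, content_id, obj):
        self.items[content_id] = obj

    def traverse(self, name):
        """Resolve one URL path segment to ('view' | 'content', target)."""
        if name.startswith("@@"):
            # Explicit view namespace: content objects are never consulted.
            return ("view", self.views[name[2:]])
        # Bare name (assumed order): contained content wins, views are a fallback.
        if name in self.items:
            return ("content", self.items[name])
        return ("view", self.views[name])


def shadowed_views(folder):
    """Audit check: view names currently hidden by a content ID."""
    return sorted(set(folder.items) & set(folder.views))


def checked_add(folder, content_id, obj):
    """Hypothetical guard: refuse content IDs that would shadow a view name."""
    if content_id in folder.views:
        raise ValueError("ID collides with a view name: %r" % content_id)
    folder.add_content(content_id, obj)


def demo():
    folder = Folder({"edit.html": lambda: "edit form"})
    before = folder.traverse("edit.html")[0]
    folder.add_content("edit.html", "user document")  # constructed sample content
    after = folder.traverse("edit.html")[0]
    explicit = folder.traverse("@@edit.html")[0]
    return before, after, explicit, shadowed_views(folder)


if __name__ == "__main__":
    print(demo())
```

Linking to views with the `@@` prefix keeps them reachable regardless of content IDs, and a check like `shadowed_views` can flag existing collisions.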


