[Zope-CMF] Re: [dev] CMF 2.0 browser views and Five traversal

Paul Winkler pw_lists at slinkp.com
Wed Mar 8 17:56:21 EST 2006


On Wed, Mar 08, 2006 at 11:14:59PM +0100, yuppie wrote:
> Paul Winkler wrote:
> >On Wed, Mar 08, 2006 at 10:52:09PM +0100, yuppie wrote:
> >>You could access the edit view with 'edit.html' instead of 
> >>'@@edit.html', but that has a major drawback: View names are not 
> >>protected in any way if used without '@@'. You can easily screw up your 
> >>site by adding content with the ID 'edit.html'.
> >
> >Could you elaborate?  Does "not protected" mean that security
> >is bypassed??? or what?
> 
> Sorry. I thought the context makes clear what I mean. Protected against 
> overriding. Any user who is allowed to add content can override them 
> with content objects.

Ah, obvious in retrospect.  I totally mis-parsed your message.
Thanks.

-- 

Paul Winkler
http://www.slinkp.com
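
The overriding discussed in this thread, as an added example that is not part of the original messages and is not Zope, CMF or Five code: a simplified model of one traversal step in which a bare name resolves to content before views, while the '@@' prefix asks for the view directly. The `Folder` class, its methods and the `reserve_view_names` check are hypothetical names chosen for illustration.

```python
# Simplified model of resolving one URL path segment (illustration only,
# not Zope/Five source). All names here are hypothetical.

VIEW_PREFIX = "@@"


class Folder:
    def __init__(self, views):
        self.views = dict(views)  # registered browser views: name -> view
        self.items = {}           # user-added content: id -> object

    def traverse(self, name):
        """Return (kind, target) for a single path segment."""
        if name.startswith(VIEW_PREFIX):
            # '@@name' requests a view explicitly; content is never consulted.
            return ("view", self.views[name[len(VIEW_PREFIX):]])
        if name in self.items:
            # Bare name: content is found first, so it can shadow a view.
            return ("content", self.items[name])
        if name in self.views:
            return ("view", self.views[name])
        raise KeyError(name)

    def add_content(self, obj_id, obj, reserve_view_names=False):
        """Add content; optionally refuse IDs that collide with view names."""
        if reserve_view_names and obj_id in self.views:
            raise ValueError(f"ID {obj_id!r} collides with a registered view")
        self.items[obj_id] = obj


def demo():
    # Constructed sample data: one view, one content object with the same name.
    folder = Folder({"edit.html": "EditView"})
    before = folder.traverse("edit.html")            # view, nothing shadows it
    folder.add_content("edit.html", "UserDocument")
    after_bare = folder.traverse("edit.html")        # content now wins
    after_explicit = folder.traverse("@@edit.html")  # still the view

    guarded = Folder({"edit.html": "EditView"})
    try:
        guarded.add_content("edit.html", "UserDocument", reserve_view_names=True)
        rejected = False
    except ValueError:
        rejected = True
    return before, after_bare, after_explicit, rejected


if __name__ == "__main__":
    print(demo())
```

Linking to views with the '@@' form keeps them reachable whatever content IDs exist; the optional ID check is one way to keep bare names usable as well.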

