[ZCM] [ZC] 1154/ 4 Resolve "Session-machinery destroys execution context"
Collector: Zope Bugs, Features, and Patches ...
zope-coders-admin at zope.org
Wed Jan 21 15:01:22 EST 2004
Issue #1154 Update (Resolve) "Session-machinery destroys execution context"
** Security Related ** (Public)
Status Resolved, Zope/bug medium
To followup, visit:
http://zope.org/Collectors/Zope/1154
==============================================================
= Resolve - Entry #4 by Brian on Jan 21, 2004 3:01 pm
Status: Pending => Resolved
resolved for 2.6.4 / 2.7.0
-BL
________________________________________
= Comment - Entry #3 by d.maurer on Dec 23, 2003 2:31 am
Uploaded: "ProxySession2.pat"
- http://zope.org/Collectors/Zope/1154/ProxySession2.pat/view
The previous patch contained a bug in "AccessControl.SecurityManagement.getSecurityManager".
It could return "None".
New (hopefully correct) patch attached.
________________________________________
= Comment - Entry #2 by d.maurer on Dec 19, 2003 5:11 am
Uploaded: "ProxySession.pat"
- http://zope.org/Collectors/Zope/1154/ProxySession.pat/view
Patch attached
________________________________________
= Request - Entry #1 by d.maurer on Dec 16, 2003 1:17 pm
"Transience.TransientObjectContainer._notify" calls
"newSecurityManager" and thereby destroys the
executable security context.
This makes proxy roles ineffective for objects that
access sessions (when they are created for the first time).
This may be a security risk.
==============================================================
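A simplified model of the failure reported in Entry #1, added here as an illustration; it is not Zope's code and not the attached patch. All class and function names are hypothetical stand-ins for the security manager and the session notify hook, the roles are constructed sample values, and the save/restore variant is an assumed way to keep the execution context intact.

```python
# Simplified model, not Zope code: every name below is a hypothetical stand-in.
class SecurityManager:
    def __init__(self, user_roles):
        self.user_roles = set(user_roles)
        self.stack = []  # executable context: objects currently running

    def check(self, required_role):
        # Proxy roles of the innermost executable replace the user's roles.
        if self.stack and self.stack[-1].proxy_roles:
            return required_role in self.stack[-1].proxy_roles
        return required_role in self.user_roles


class Script:
    def __init__(self, proxy_roles):
        self.proxy_roles = set(proxy_roles)


_current = None

def new_security_manager(user_roles):
    """Install a fresh manager; the previous execution stack is discarded."""
    global _current
    _current = SecurityManager(user_roles)

def notify_destructive(callback):
    # Models the reported behaviour: the manager is replaced and never restored.
    new_security_manager(["Anonymous"])
    callback()

def notify_restoring(callback):
    # Assumed mitigation: put the caller's manager (and its stack) back.
    global _current
    saved = _current
    try:
        new_security_manager(["Anonymous"])
        callback()
    finally:
        _current = saved

def run_script(notify):
    """Anonymous runs a script with proxy role Manager that creates a session."""
    new_security_manager(["Anonymous"])          # constructed sample roles
    _current.stack.append(Script(["Manager"]))
    before = _current.check("Manager")
    notify(lambda: None)                         # first session access fires the hook
    after = _current.check("Manager")            # protected call after the session access
    return before, after
```

`run_script(notify_destructive)` shows the proxy role granted before the session is created and lost afterwards, while `run_script(notify_restoring)` keeps it in both checks.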