[Zope-dev] feedback wanted on ZCatalog changes...

[Michel Pelletier]

> -----Original Message-----
> From: Anthony Baxter [mailto:anthony@interlink.com.au]
> Sent: Tuesday, January 04, 2000 6:27 PM
> To: Michel Pelletier
> Cc: zope-dev@zope.org
> Subject: Re: [Zope-dev] feedback wanted on ZCatalog changes... 
> 
> > do you think?  Can you reproduce a security violation with 
> your patch?
> 
> Nope. Not in my application. In _theory_ I can see that you could 
> have a security problem if you weren't aware that the indexing
> occurs in the context running the findandapply request - but then,
> it does already (see above). Heck, you could even make it a toggle
> option in the page 'index acquired objects'. 

Ok, this is a good compromise.  I'll put a checkbox on the find form and
add some logic to the find method to either acquire or not.

> [*1] go to www.ekit.com, sign up for an account (about 3 clicks) then
> click on 'help'. The tree on the left is populated from 
> ZCatalog searches,
> which amongst other thing only show help for the stuff your account is
> able to do, the search box is a textindex of the files (which, again,
> only searches the help for stuff your account can do), and 
> the lookup of a
> help document (like, when you click on a help link) will hit 
> the ZCatalog
> to look up the file's path. The help files themselves are 
> maintained by
> a non-techie in dreamweaver, and uploaded into zope.  
> ZCatalogs rock :)

Thanks!

-Michel