[Zope-dev] Zope security alert and 2.2 information

Anthony Baxter <anthony@interlink.com.au>
Wed, 10 May 2000 12:01:10 +1000


Some notes -

On the server side, with all the new stuff about 'Owners', I'd
like to suggest that the 'Find' tab better be able to find by
owner  :)

On the changing of ownership - could a container object get a 
'recursively take ownership' tab? If you've got a bunch of people
working on a site, and one leaves, it would be nice to fix that
easily. Particularly since having an owner deleted is bad bad.

What happens if an object is cut'n'pasted? Does the ownership
change?

What about if a folder is cut'n'pasted - does the ownership of
everything in the folder change? 

It looks like trying to move or rename a user database will 
essentially become impossible (if any users from that user
database are owners)...

I'm assuming that when you talk about something being accessible
to the owner of the resource, this is at run-time, not creation
time? So if I change a manager's roles, this will affect their
objects?

hm, more thoughts to come, no doubt.

Anthony

>>> Brian Lloyd wrote
> Hello all - 
> 
> We have recently become aware of two important security issues 
> that managers of Zope sites need to be aware of. Please see the 
> overview at:
> 
> http://www.zope.org/Members/jim/ZopeSecurity/TrojanIssueOverview
> 
> for further details.
> 
> 
> 
> Brian Lloyd        brian@digicool.com
> Software Engineer  540.371.6909              
> Digital Creations  http://www.digicool.com 

-- 
Anthony Baxter     <anthony@interlink.com.au>   
It's never too late to have a happy childhood.