[Zope-dev] Security still wierd
Michael R. Bernstein
webmaven@lvcm.com
01 Aug 2001 11:53:56 -0700
On 01 Aug 2001 20:01:12 +0200, Joachim Werner wrote:
> > Supposedly, setting __allow_access_to_unprotected_subobjects__ = 0
>
> I **might** have found an answer to this:
>
> Found here: http://www.zope.org/Members/karl/MyWiki/PublishNotes
>
> " - tries to get __allow_access_to_unprotected_subobjects__ if not there
>
> this can be true, in which case access is granted, or a dict, in which case
> we grant if the value for the key of the object's name is true, or a
> callable object, in which case we grant if the function called with the name
> and the value (?) returns true."
>
> Seems that "__allow_access_to_unprotected_subobjects__ = 0" is wrong. It
> should either be "1" or a dictionary of permissions ...
<expletive deleted>! No wonder it wasn't working! If I have this right,
setting __allow_access_...etc to an empty dict should work, right?
Michael Bernstein