[Zope-dev] Security still wierd
Dieter Maurer
dieter@handshake.de
Fri, 3 Aug 2001 20:53:22 +0200 (CEST)
Michael R. Bernstein writes:
> The only thing I'm doing with traversal (assuming that my code is at
> fault here) is the following:
>
> def __getitem__(self, id):
> return self.Entries[id].__of__(self)
>
> Entries is a dictionary that uses id as a key, and instances of my
> EntryClass as values.
>
> Could this be screwing with the security somehow, and allowing access to
> unprotected methods of my main class?
It seems to be part of your Python class code...
If this is the case, security checks are disabled for the access
(no security checks in External Methods and Python products).
There may be checks again, if you access the returned object
from DTML/Python Script or other TTW editable objects.
Dieter