[Zope-dev] Security Wierdness

[Michael R. Bernstein]

Hi everyone,

Ok, I'm developing a python Product and have gotten to the stage where I
am adding security declarations. I understand the default policy (once
you've added a ClassSecurityInfo instance to the class and called
InitializeClass(yourClass) ) should be to deny access to methods that
don't have any security declarations.

This doesn't seem to be the case. Even though I have *not* added
security.setDefaultAccess("allow"), access to unprotected methods (both
regular methods and HTMLFile methods) is being allowed rather than
denied.

Protecting methods with a permission works as it should.

Can anyone help diagnose this?

Michael Bernstein.