[Zope-dev] Security still weird
Dieter Maurer
dieter@handshake.de
Tue, 31 Jul 2001 21:36:53 +0200 (CEST)
Michael R. Bernstein writes:
> ...
> Classes in Python products that inherit from OFS.SimpleItem.SimpleItem
> or OFS.SimpleItem.Item have an attribute set:
>
> __allow_access_to_unprotected_subobjects__ = 1
>
> This allows all class attributes and subobjects that are not explicitly
> private or protected by a permission to be accessed from the restricted
> code environment, or directly traversed into by a web browser.
>
> Supposedly, setting __allow_access_to_unprotected_subobjects__ = 0
> inside your class will return the behaviour to the default (access not
> explicitly allowed is denied), but this doesn't seem to work for me.
It should work.
Maybe "initializeClass" overwrites it again.
Try to set it after the "initializeClass":
    initializeClass(klass)
    klass.__allow_access_to_unprotected_subobjects__ = 0
Dieter
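
Added example, not part of the original message and not Zope code: one way to check which value of the attribute is actually in effect on a class, and which class in the inheritance chain supplies it, before and after a class initializer runs. The classes and both initializer functions are constructed stand-ins (Item stands in for OFS.SimpleItem.Item); overwriting_initializer is hypothetical and only models the "overwrites it again" guess from the reply.

```python
ATTR = "__allow_access_to_unprotected_subobjects__"


def effective_setting(cls):
    """Return (value, defining class name) exactly as attribute lookup resolves it."""
    for base in cls.__mro__:
        if ATTR in vars(base):
            return vars(base)[ATTR], base.__name__
    return None, None  # no class in the chain sets it


def setting_history(cls, initializer):
    """Effective setting before the initializer, after it, and after re-setting to 0."""
    before = effective_setting(cls)
    initializer(cls)
    after_init = effective_setting(cls)
    setattr(cls, ATTR, 0)  # the order suggested in the reply: set it last
    after_reset = effective_setting(cls)
    return before, after_init, after_reset


# --- constructed stand-ins, no Zope import needed ---
class Item:  # stands in for OFS.SimpleItem.Item
    __allow_access_to_unprotected_subobjects__ = 1


class Inherits(Item):  # product class that never sets the attribute itself
    pass


class Overrides(Item):  # product class that sets it to 0 in the class body
    __allow_access_to_unprotected_subobjects__ = 0


def noop_initializer(cls):  # hypothetical initializer that leaves the attribute alone
    pass


def overwriting_initializer(cls):  # hypothetical initializer that resets it to 1
    setattr(cls, ATTR, 1)


if __name__ == "__main__":
    for klass in (Inherits, Overrides):
        print(klass.__name__, effective_setting(klass))
    print(setting_history(Overrides, overwriting_initializer))
```

If the "after initializer" value differs from the "before" value on a real class, the initializer is the culprit; if both already show 1 supplied by a base class, the override never reached the class in the first place.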