[Zope-dev] restrictedTraverse() security problem

[Clemens Robbenhaar]

Hi Terry,

 just a short hint:

 [...]
 > 
 > I have not yet been able to figure out where "validate()" is actually
 > defined -- it seems the securityManager object expects to inherit
 > or acquire it from somewhere.
 [...]

Starting Zope with the envoronment variable:

 ZOPE_SECURITY_POLICY=PYTHON

should give a better traceback -- currently some code is hidden from the
traceback, as it is implemented as a C extension.

 Maybe Shane's VerboseSecurity does tell you more? I found it quite
useful (the above hint is actually from the readme of that product).
http://hathaway.freezope.org/Software/VerboseSecurity

Cheers,
Clemens