[Zope-dev] strange priv leak
Jamie Heilman
jamie@audible.transient.net
Sun, 18 May 2003 18:38:46 -0700
Lately I've been noticing that http://host/zopeobject/manage_options
is accessible TTW with no priveleges. Unless I'm on crack, wasn't
always like this. I've been trying to figure out what changed and the
only thing I can discern is is that may be related to using python
2.2. I've seen it happen with 2.6.1 & python 2.2, and I've seen it
happen with HEAD & python 2.2, but never 2.6.1 & python 2.1.3. Can
anyone else corroborate this? Even better does anyone else know how
to fix it? I'm wondering if there's more hanging out in the open than
just some attributes here and there.
--
Jamie Heilman http://audible.transient.net/~jamie/
"We must be born with an intuition of mortality. Before we know the words
for it, before we know there are words, out we come bloodied and squalling
with the knowledge that for all the compasses in the world, there's only
one direction, and time is its only measure." -Rosencrantz