[Zope-dev] New-style ExtensionClass, ZODB 3.3, and Zope 2.8 status
Dieter Maurer
dieter at handshake.de
Sat Nov 15 06:48:55 EST 2003
Dieter Maurer wrote at 2003-11-14 20:43 +0100:
> Jim Fulton wrote at 2003-11-13 15:22 -0500:
> > ... new security policy for NSEC ...
> Folklore says that Zope cannot protect attributes of simple types
> (because they do not provide the method magic that will be lost
> for NSEC).
> ...
> Of course, Zope cannot check a bare value of simple type, but
> usually it has "container" and/or "parent" and then checking would
> be easy by looking at related ("__roles__") attributes of the container/parent.
>
> I will see this weekend whether I have been true.
> If so, the same mechanism could (in principle) be used for
> methods.
Patch attached.
--
Dieter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: AttrSecurity.pat
Type: application/x-patch
Size: 1924 bytes
Desc: Patch providing "a__roles_" protection for attribute "a"
of simple type
Url : http://lists.zope.org/pipermail/zope-dev/attachments/20031115/26c3be12/AttrSecurity.bin
More information about the Zope-Dev
mailing list