[Zope-dev] Suggestion for small(?) change in BaseRequest.py. Security effects?

Dieter Maurer dieter at handshake.de
Thu Sep 2 17:01:03 EDT 2004


Lennart Regebro wrote at 2004-9-2 12:38 +0200:
> ...
>Are there any other problems with NOT raising an exception in 
>unauthorized()? Because if there are, we probably limit the possible 
>challenge responses to a redirect, and then this change makes no difference.

If the traversal made any changes to persistent state, then
these changes are committed rather than aborted.

Usually, traversal should not change the persistent state -- but...

-- 
Dieter
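
Added example, not part of the original message and not Zope's code: a simplified model of a publisher that commits on normal return and aborts on an exception, showing why a traversal side effect survives when the unauthorized path returns instead of raising. All names (ToyTransaction, traverse, publish, the "hits" counter) are hypothetical.

```python
# Simplified model of publisher transaction handling; not Zope's implementation.
# Every name below is hypothetical and chosen for illustration only.

class Unauthorized(Exception):
    pass

class ToyTransaction:
    """Buffers writes; commit() applies them to the store, abort() drops them."""
    def __init__(self, store):
        self.store = store
        self.pending = {}
    def set(self, key, value):
        self.pending[key] = value
    def commit(self):
        self.store.update(self.pending)
        self.pending = {}
    def abort(self):
        self.pending = {}

def traverse(txn, authorized, raise_on_unauthorized):
    # Constructed side effect: a traversal hook that bumps a persistent counter.
    txn.set("hits", txn.store.get("hits", 0) + 1)
    if not authorized:
        if raise_on_unauthorized:
            raise Unauthorized("challenge")   # current behaviour: exception
        return 401, "challenge response"      # proposed behaviour: plain return
    return 200, "published object"

def publish(store, authorized, raise_on_unauthorized):
    """Commit on normal return, abort on an exception."""
    txn = ToyTransaction(store)
    try:
        status, _body = traverse(txn, authorized, raise_on_unauthorized)
    except Unauthorized:
        txn.abort()                           # side effect is discarded
        return 401, dict(store)
    txn.commit()                              # side effect is persisted
    return status, dict(store)

def demo():
    raising = publish({}, authorized=False, raise_on_unauthorized=True)
    returning = publish({}, authorized=False, raise_on_unauthorized=False)
    return raising, returning

if __name__ == "__main__":
    print(demo())
```

In this model, keeping the non-raising path safe would mean aborting the transaction explicitly before returning the challenge response.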