[Zope-dev] Re: traversable methods / docstrings.

Jean-Marc Orliaguet jmo at ita.chalmers.se
Mon Jan 30 10:52:41 EST 2006


Tres Seaver wrote:

>Jean-Marc Orliaguet wrote:
>
>>I didn't know that methods needed to have docstrings to be traversable
>>(it took me some time to find out why I was getting "Not found" errors
>>on some of a tool's methods). Is there any reason to still have such a
>>"feature" in Zope2.9?
>
>"Publishable methods have docstrings" is the oldest security model in
>Zope / Bobo.  It would open unknown security holes in 3rd party
>applications if we removed that restriction.  Even setting the default
>value of '__allow_access_to_unprotected_subobjects__' to False wouldn't
>help, because there are many products which set that to True for their
>objects, relying on the lack of docstring to make their methods safe
>from direct URL access.
>
>In fact, this restriction is *different* than the "permission-role" one:
> even methods whose roles are None (i.e. public), and therefore can be
>called by scripts run by anonymous users, are prevented from being
>"published" if they have no docstrings.
>
>
>>or at least maybe there could be a hint in the
>>trace log.
>
>I *think* if you run in debug mode with verbose security turned on, it
>suggests that as one possible reason.
>
>
>Tres.

One extra difficulty when debugging with that model is that .pyc files 
must be deleted if the .py is modified, since apparently docstrings are 
ignored during the compilation.

But now I know :-)

/JM
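
Added example (not part of either message, and not Zope's publisher code): a toy Python model of the rule described in the thread, where URL publishing requires a docstring in addition to the permission-role check, while a script call is gated by roles only. The `Tool` class, its `roles` mapping and the helper functions are hypothetical names chosen for illustration.

```python
# Toy model of the rule described in the thread; NOT Zope's publisher code.
# Class, method, and helper names here are hypothetical.

class NotFound(Exception):
    pass

class Unauthorized(Exception):
    pass

PUBLIC = None  # in this model, roles of None mean "public", as in the thread


class Tool:
    # method name -> allowed roles (PUBLIC or a tuple of role names)
    roles = {"listing": PUBLIC, "helper": PUBLIC, "manage": ("Manager",)}

    def listing(self):
        """Return the public listing."""
        return ["a", "b"]

    def helper(self):  # public roles, but no docstring
        return "internal detail"

    def manage(self):
        """Management action."""
        return "managed"


def check_roles(obj, name, user_roles):
    # Names missing from the mapping default to "no role allowed".
    allowed = obj.roles.get(name, ())
    if allowed is not PUBLIC and not set(allowed) & set(user_roles):
        raise Unauthorized(name)


def call_from_script(obj, name, user_roles=()):
    """Permission-role check only: how a script calling the method is gated."""
    check_roles(obj, name, user_roles)
    return getattr(obj, name)()


def publish_via_url(obj, name, user_roles=()):
    """URL traversal: the docstring gate applies before any role check."""
    method = getattr(obj, name, None)
    if method is None or not getattr(method, "__doc__", None):
        raise NotFound(name)  # undocumented => not publishable
    check_roles(obj, name, user_roles)
    return method()
```

In this model `helper` is callable by an anonymous script but yields `NotFound` when requested by URL, which matches the "Not found" symptom from the original question.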