[Zope-dev] Removing URL-based suppression of SiteAccess controls
Tres Seaver
tseaver at palladion.com
Tue May 18 21:24:28 EDT 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In lp:142868 [1], Jamie Heilmann makes what seems to me to be a good
case for removing the current feature which allows suppression Zope2
access rules and site roots via adding tokens to the URL. I find the
argument convincing, in spite of having used the feature to get passed a
broken site access rule at more than one time in the past. In essence,
the feature is a convenience for those who *could* get to the
filessystem and restart the server with the equivalent environment
variables, but a "jailbreak" for those who could not.
Can anyone presetn a credible defense of the feature? If so, please
follow up to the Launchpad issue.
I plan to remove the URL based suppression (but ont the part based on
os.environ) by the end of the week, unless folks point out issues I have
mised.
[]1 https://bugs.launchpad.net/bugs/142878
Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkvzPcwACgkQ+gerLs4ltQ6wFwCgtUwYRqXWp5FrBzHFM6lmN+1C
IsIAoMd8Vrvxasef5JTcbRO3rsgehKS3
=1zlI
-----END PGP SIGNATURE-----
More information about the Zope-Dev
mailing list