[Zope-dev] Zope 4 publisher/traversal, sprint topic
Chris Withers
chris at simplistix.co.uk
Fri Oct 28 08:39:11 UTC 2011
On 28/10/2011 08:46, yuppie wrote:
> Is that the fault of the publisher? AFAICT the biggest security problem
> of Zope2 is this line in OFS.SimpleItem.Item:
>
> # Allow (reluctantly) access to unprotected attributes
> __allow_access_to_unprotected_subobjects__=1
>
> I'm not familiar with the details of the first hotfix, but the second
> one wouldn't have been necessary without that line.
Yep, that's what should have been done in the first place.
cheers,
Chris
--
Simplistix - Content Management, Batch Processing & Python Consulting
- http://www.simplistix.co.uk
More information about the Zope-Dev
mailing list