[Zope] <code> tag?
Itamar Shtull-Trauring
itamars@ibm.net
Sun, 29 Aug 1999 11:43:26 +0300
Martijn Pieters wrote:
> There are two methods, one of which is (to me) a very serious security
> breach: document_src (for which you need the View management screens
> permission), and PrincipiaSearchSource, for which you do not need any
> permissions at all. At any Zope2 site, I can add /PrincipiaSearchSource to
> the URL and see the source of that DTML Method/Document.
>
> I just discovered this, and will report it to the Collector.
Are you sure? I tried this in the Zope beta site and I didn't manage to
view the source of any page.
--
Itamar - itamars@ibm.net