[Zope] Re: aq_base

Dieter Maurer dieter@handshake.de
Thu, 12 Oct 2000 13:01:08 +0200 (CEST)


Chris Withers writes:
 > Dieter Maurer wrote:
 > >         At least in Zope 2.2.1, "aq_base" was not exposed
 > >         to DTML. 
 > 
 > ....and I don't think it ever would or should be since it strips off all
 > security context and would probably let you do 'bad things' :-S

I do not think an object without any acquisition (and security)
context is a big security risk.
The lack of a security context means that the default
security setting built into the Zope security policy is
used. In Zope 2.2.2, this means only "Manager" can do anything,
unless the object itself mapped some permissions
to roles (which then remain valid even for the base object).

However, I see another danger.
As old (now fixed) bugs in "ZopeFind" have demonstrated, objects stripped
of their acquisition context lead to very strange errors, where
suddenly even Manager cannot use the object any more.
Thus, I agree that "aq_base" should not be exposed, even if for a
different reason.


Dieter
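
An added example, not part of the original message and not Zope's own code: a simplified Python model of the behaviour described above, where an object stripped of its context falls back to the default roles unless it maps the permission itself. Node, roles_for, allowed and DEFAULT_ROLES are hypothetical names, and the "first mapping found wins" lookup is an assumption made for the model.

```python
# Simplified model of acquisition-based role lookup; NOT Zope source code.
DEFAULT_ROLES = ("Manager",)  # fallback when no mapping is found (per the post)


class Node:
    """Constructed stand-in for an object that may sit inside containers."""

    def __init__(self, name, parent=None, permission_roles=None):
        self.name = name
        self.parent = parent  # plays the part of the acquisition context
        # permission name -> roles mapped on this object itself
        self.permission_roles = dict(permission_roles or {})

    def base(self):
        """Copy of the object without any context (models what aq_base gives)."""
        return Node(self.name, None, self.permission_roles)


def roles_for(permission, obj):
    """Walk from obj up through its containers; the first mapping found wins."""
    node = obj
    while node is not None:
        if permission in node.permission_roles:
            return tuple(node.permission_roles[permission])
        node = node.parent
    return DEFAULT_ROLES  # no context left to consult


def allowed(user_roles, permission, obj):
    """True if any of the user's roles is granted the permission on obj."""
    granted = roles_for(permission, obj)
    return any(role in granted for role in user_roles)


def demo():
    # Constructed hierarchy: root grants View widely; "own" maps Edit itself.
    root = Node("root", permission_roles={"View": ["Anonymous", "Manager"]})
    folder = Node("folder", parent=root)
    doc = Node("doc", parent=folder)
    own = Node("own", parent=folder, permission_roles={"Edit": ["Owner"]})
    return {
        "doc in context": roles_for("View", doc),
        "doc stripped": roles_for("View", doc.base()),
        "own stripped": roles_for("Edit", own.base()),
    }


if __name__ == "__main__":
    for label, roles in demo().items():
        print(label, "->", roles)
```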