[Zope] RE: Globals.DTMLFile vs. DTML Method wrt security
Lalo Martins
lalo@hackandroll.org
Fri, 20 Apr 2001 22:01:24 -0300
On Fri, Apr 20, 2001 at 06:01:48PM -0700, Randall F. Kern wrote:
>
> Is this by design? Is there a way for me to turn this off?
Yes. All code written in the filesystem (be it External
Methods, python code in Products and DTML from HTMLFile) is
outside the access control completely.
The way to work around it is to use hasPermission where
necessary, or even protect the whole method with some
restrictive permission.
[]s,
|alo
+----
--
I say a prayer now our love's departed
That you'll come back to stay
Bring back the perfect day
http://www.laranja.org/ mailto:lalo@laranja.org
pgp key: http://www.laranja.org/pessoal/pgp
Brazil of Darkness (RPG) --- http://www.BroDar.org/