[Zope] Help (emergency) How to Undo last ZODB transaction when Zope

Joachim Werner joe@iuveno-net.de
Thu, 2 Aug 2001 13:09:55 +0200


> > http://yoursite/_SUPPRESS_ACCESSRULE/manage
> >
> And I was shocked and dismayed to find out that this actually works.
> It seems like a huge potential security breach for the unwary, since
> it is available for any attacker. Granted, access rules are not really
> intended for security, but it is very easy to assume that they always
> work, and make decisions with security implications based on that
> assumption.

I can't see any security-related issues here. I mean, if you don't do
anything against it (like having a packet-filter/firewall/proxy in front of
the Zope server), any of the original ports will still be kind of accessible
anyway, regardless of whether you can override the access rule or not. How
would you "protect" a site using siterules? I'm not talking about Apache
siterules, which can safely be used for protection, I guess.

Joachim