[Zope] ATTN: Zope Security Alert

Chris McDonough chrism@zope.com
Sat, 4 Aug 2001 18:35:04 -0400


Yes, as users can call a Method A, which they shouldn't be able to call via
the publisher because it's defined in a place where they shouldn't be able
to get to it, given that they have a Role X in the place they're defined,
and Method A is protected also by a permission granted to role X.

----- Original Message -----
From: "Chris Withers" <chrisw@nipltd.com>
To: "Chris McDonough" <chrism@zope.com>; <zope@zope.org>
Sent: Saturday, August 04, 2001 5:19 PM
Subject: Re: [Zope] ATTN: Zope Security Alert


> > http://www.zope.org/Products/Zope/Hotfix_2001-08-04/README.txt
>
> Does this problem affect Zope setups where semi-trusted users are _not_
> allowed to edit TTW code?
>
> cheers,
>
> Chris