[Zope] Re: security.declarePrivate allows access to all authenticated
users
Itai Tavor
itai@optusnet.com.au
Wed, 29 Aug 2001 14:46:22 +1000
Forgot to mention: Using Zope 2.3.2.
>Hi,
>
>I got the following class:
>
>from AccessControl import ClassSecurityInfo
>from Products.ZPatterns.Specialists import Specialist
>import Globals
>
>class MyClass(Specialist):
>
> security = ClassSecurityInfo()
>
> security.declarePrivate('test')
> def test(self):
> return 'test'
>
>Globals.InitializeClass(MyClass)
>
>
>Foolish old trusting me thought that 'test' would not be accessible
>from restricted code. And it really isn't accessible to anonymous
>users, but is freely accessible to all authenticated users.
>
>Why?
--
--
Itai Tavor -- "Je sautille, donc je suis." --
itai@optusnet.com.au -- - Kermit the Frog --
-- --
-- "If you haven't got your health, you haven't got anything" --