[Zope] Error-reporting bug

John R. Daily jdaily@progeny.com
Wed, 28 Feb 2001 16:29:18 -0500


I've noticed in 2.3.0 that if a DTML method is the target of a form
request, and it invokes a Python script which attempts operations with
insufficient privileges, the error reported back to the browser is a
KeyError on one of the variables passed in via the form submission and
forwarded along to the Python script.

This has cost me a lot of troubleshooting time as I either write a new
test page to try the operation and determine what the security issue
really is, or I go through and add proxy capabilities to random Python
scripts that are invoked by the DTML method or the scripts it invokes.

Not to mention the initial hours it took me to figure out that it
wasn't really a KeyError, but rather a security issue.

Is this a known issue that will eventually be resolved, or will this
continue to be a problem?

--                                                                   --
John R. Daily                                        jdaily@progeny.com
Systems Programmer                                Progeny Linux Systems
		  Master of the ephemeral epiphany