[Zope] Security Problems?

[Chris McDonough]

> For example, using the ZPT stuff, if you put here/title as an output
> variable (similar to <dtml-var title>), you get the same unauthorized
> traceback as stated below.  This means that the object doesn't have access
> to it's own properties, surely not!

This *might* be a bug in ZPT... If I were you, I might try asking a
question about this on the ZPT list... or maybe someone who knows lots
about ZPT will stumble upon it here.

> I'm not saying that there is a security hole in Zope, quite the opposite.
> Access is being denied to things that the current user should have access
> to.  This has meant that I'm having to loosen security on some of my 'bits'
> to allow the user to see things correctly.  This only started happening with
> 2.3.x (and maybe some of the betas). Zope 2.2.x did not to seem to have this
> problem.

If there's places in Zope where it's broken, we'd like to know...
thanks!

- C