[Zope] properties security ?

Julián Muñoz jmunoz@telefonica.net
Thu, 2 May 2002 22:43:35 +0000 (GMT)


I would like to know howto limit the access to the properties of a folder.

For example, now everybody can view them doing a xml-rpc query like (in
python):

>>> w=xmlrpclib.Server('http://www.my_server.com/')
>>> w.propertyItems()


Disabling "Access contents information" permission of the folder for
anonymous solves this.

But I haven't found any reference about this, and I don't know if this is
correct. At a first glance, changing this permission is annoying, because
many other objects acquire this property from there (the folder is the
root folder of a project), and "nothing" works well ....


Is there another permission ? (It doesn't seem...)

Or is storing sensible datas in folder properties a really bad idea ?


Thank you !

-- 

      __o
    _ \<_
   (_)/(_)

Saludos de Julián
EA4ACL
-.-