[Zope] Zope product security question

[Paul Winkler]

On Mon, Mar 10, 2003 at 03:33:18PM -0600, Michael R. Schwab wrote:
> I've noted two different methods for declaring security in a class.
(snip)
> The second method, which I believe to be the most recent,

that's correct.


> The second method seems to be the newest and most logical approach.
> The being exception that the default security access to 'deny' does
> not permit me to access attributes from my class that are basic Python
> types such as strings (e.g. meta_type from a DTML Method).  I could
> declare the default security access to 'allow', but that seems
> inherently dangerous from a security standpoint.

I think what you're looking for is
__allow_access_to_unprotected_subobjects__ = 1

or, just make declarations on specific attributes:

security.declarePublic('meta_type')
self.meta_type = "blah"

-- 

Paul Winkler
http://www.slinkp.com