[Zope] Re: Re: [Security] How to encrypt a Zope oid ?

Passin, Tom tpassin at mitretek.org
Mon Sep 15 13:08:05 EDT 2003


[Edward Muller]
> 
> On Mon, 2003-09-15 at 11:48, Passin, Tom wrote:
> [snip]
> 
> >  If you
> > want the pages to appear only within their intended frame, 
> a user with
> > the right browser can easily defeat that intention unless 
> you enforce it
> > using javascript in the page.
> 
> Which isn't secure at all, since someone who is really dedicated would
> just fire up curl, wget, lynx, etc (insert tool of choice here) to
> attempt to grab whatever they want anyway, bypassing any javascript on
> the page.
> 

Right, if we are going to consider people who can ignore or change the
document contents (as opposed to people who just grab the GET parameters
or use the browser's context menu).  Which just goies to emphasize that
the OP has not explained his problem adequately to get a sensible
answer.

Cheers,

Tom P



More information about the Zope mailing list