[Zope] A thing about roles I don't get...

massimo massimop at users.berlios.de
Tue Sep 28 14:51:25 EDT 2004


Alexis Roda wrote:

> massimo wrote:
>
>> Alexis Roda wrote:
>>
>>> IIRC, if the script has proxy role anyone who has access to the 
>>> script can access the protected contents.
>>>
>>>
>>> Regards
>>
>>
>>
>> only the script has the proxy role set and it only return true or 
>> false; there could be some problem I don't see?
>
>
> This morning I was very busy at work and I've skipped the code when 
> reading the message. If it does nothing "dangerous" that's ok. What 
> I've mean was: if the script with proxy role does something on the 
> protected content that can reveal restrictred information you should 
> protect the script too.
>
>
>
> Regards

ok, thanks for reassuring me (I tend to be a bit paranoid...)

massimo



More information about the Zope mailing list