[Zope] Why I must set security-property "Access contents
information" to get Data from Database?
Dieter Maurer
dieter at handshake.de
Wed Feb 9 17:07:29 EST 2005
Patrick Ulmer wrote at 2005-2-8 10:45 +0100:
>I have protect my folder by using acl_users. But now I must allow access
>by anonymous to one DTML-Document. This document uses <dtml-in> to get
>data from my MySQL-Database. To allow acces I have to set the following
>security properties:
>
>1. DTML-Document: View
>2. Z-SQL-Method: Use Database Methods
>3. Parent Folder: Access contents information
>
>Is that right? 1 is for viewing HTML. 2 and 3 for access Database. I'm
>not realy sure, why I must set 3? Can somebody explain it?
It allows you to access the parent folder.
Without it, you get an "Unauthorized" when you handle
the parent folder in any way in an untrusted context.
--
Dieter
More information about the Zope
mailing list