[Zope] Why I must set security-property "Access
contents information" to get Data from Database?
Patrick Ulmer
ulmer at truckport.de
Thu Feb 10 02:44:17 EST 2005
Hi,
>>I have protect my folder by using acl_users. But now I must allow access
>>by anonymous to one DTML-Document. This document uses <dtml-in> to get
>>data from my MySQL-Database. To allow acces I have to set the following
>>security properties:
>>
>>1. DTML-Document: View
>>2. Z-SQL-Method: Use Database Methods
>>3. Parent Folder: Access contents information
>>
>>Is that right? 1 is for viewing HTML. 2 and 3 for access Database. I'm
>>not realy sure, why I must set 3? Can somebody explain it?
>>
>>
>
>It allows you to access the parent folder.
>Without it, you get an "Unauthorized" when you handle
>the parent folder in any way in an untrusted context.
>
>
But if I only have a DTML-Document without <dtml-in> only the security
property DTML-Cokument.View is necessary. Is that correct?
Thank,
Patrick
More information about the Zope
mailing list