[Zope] Problems with removing Verbose Security and possibly Apelib
Dieter Maurer
dieter at handshake.de
Sat Feb 12 14:18:37 EST 2005
Chris Kratz wrote at 2005-2-11 12:39 -0500:
> ...
>I removed the Verbose Security from the products directory and from the
>Products list in the control panel and tried the app again.
>
>Unfortunately, this causes the app to break.
> ...
>The last piece of the puzzle is that returning the VerboseSecurity product
>allows the application to start working again, proxy roles and all. Any
>ideas as to why this might be? Is there a chance that the monkey patching
>Verbose Security does is not reversible?
Monkey patches should modify only non persistent objects (such
as classes or modules). This means: their effect disappears
when the process stops...
Debugging might be necessary to understand this puzzle.
By the way, I had the impression that VerboseSecurity becomes
ineffective as soon as you switch to "security-policy" "C"
rather than "python" (but I may well be wrong).
>
>Error Type: Unauthorized
>Error Value: You are not allowed to access 'select' in this context
>
>...last lines in traceback
># PythonScript at /somefunction>
>Line 3
># Module Shared.DC.Scripts.Bindings, line 178, in __getattr__
>Unauthorized: You are not allowed to access 'select' in this context
This exception comes from an "UnauthorizedBinding".
It indicates that you try to access a binding
("context", "container", "here", ...) your script does
not have rights to.
This security tighening was introduced quite late (to fix
a security bug). "VerboseSecurity" may be able to disable
this tighening.
Maybe, the tighening forgets to take proxy roles into account.
But this is only a guess. Almost surely, you must debug the
situation...
--
Dieter
More information about the Zope
mailing list