[Zope] Re: Security Hole in ZPublisher.BaseRequest.BaseRequest.traverse?

Chris Withers chris at simplistix.co.uk
Thu Feb 17 04:22:30 EST 2005


Tres Seaver wrote:
> This is *by design*, Chris: 

Well, that may be, but what if the design is wrong? ;-)

> it allows for "customers who have
> customers" to set up access to subsites, without requiring that users
> who can see the subsite to have *any* privileges at the layers above.
> In Unixy terms, this is like making the parent directories "a+x" (they
> can be traversed) without requiring that they be "a+r" (readable).

Okay, but what role-to-permissions mappings do you set so that no-one 
can access a particular object's contents, once they know its id?

(ie: o-x)

> FWIW, Zope3 allows this choice to be pluggable, because traversal is
> governed by view components, which are configured by default to check
> access.

Well, this does beg the question: is this how restrictedTraverse works? 
If not, then why isn't restrictedTraverse used?

cheers,

Chris

-- 
Simplistix - Content Management, Zope & Python Consulting
            - http://www.simplistix.co.uk
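
The two traversal policies discussed in this message, as an added example that is not part of the original post and is not Zope code: a toy object tree in which one function checks only the final object (parents behave like "a+x") and the other also requires a traverse grant on every parent (the "o-x" case). All class, function and role names are hypothetical.

```python
# Toy model, constructed for illustration; not Zope's API or code.
class Unauthorized(Exception):
    pass

class Node:
    def __init__(self, name, view_roles, traverse_roles=()):
        self.name = name
        self.view_roles = frozenset(view_roles)          # may view this object
        self.traverse_roles = frozenset(traverse_roles)  # may pass through it (the "x" bit)
        self.children = {}

    def add(self, child):
        self.children[child.name] = child
        return child

def resolve(root, path):
    """Return the objects visited below root for a slash-separated path."""
    nodes, node = [], root
    for name in filter(None, path.split("/")):
        node = node.children[name]      # KeyError if the id does not exist
        nodes.append(node)
    return nodes

def traverse_final_check(root, path, roles):
    """Parents behave like a+x for everyone; only the final object is checked."""
    target = (resolve(root, path) or [root])[-1]
    if not roles & target.view_roles:
        raise Unauthorized(target.name)
    return target

def traverse_step_check(root, path, roles):
    """The 'o-x' case: each parent must grant traverse, the target must grant view."""
    nodes = resolve(root, path) or [root]
    for node in nodes[:-1]:
        if not roles & node.traverse_roles:
            raise Unauthorized(node.name)
    if not roles & nodes[-1].view_roles:
        raise Unauthorized(nodes[-1].name)
    return nodes[-1]

def build_site():
    """Constructed sample: /customer is closed, /customer/subsite is open to SubsiteUser."""
    root = Node("root", {"Manager"}, {"Manager"})
    customer = root.add(Node("customer", {"Manager"}, {"Manager"}))
    customer.add(Node("subsite", {"Manager", "SubsiteUser"}))
    return root
```

With this sample tree, a user holding only SubsiteUser reaches customer/subsite under the first policy and is stopped at customer under the second.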

