[Zope] Re: Security Hole in
ZPublisher.BaseRequest.BaseRequest.traverse?
Chris Withers
chris at simplistix.co.uk
Thu Feb 17 04:22:30 EST 2005
Tres Seaver wrote:
> This is *by design*, Chris:
Well, that may be, but what if the design is wrong? ;-)
> it allows for "customers who have
> customers" to set up access to subsites, without requiring that users
> who can see the subsite to have *any* privileges at the layers above.
> In Unixy terms, this is like making the parent directories "a+x" (they
> can be traversed) without requiring that they be "a+r" (readable).
Okay, but what role-to-permissions mappings do you set so that no-one
can access a particular object's contents, once they know its id?
(ie: o-x)
> FWIW, Zope3 allows this choice to be pluggable, because traversal is
> governed by view components, which are configured by default to check
> access.
Well, this does beg the question: is this how restrictedTraverse works?
If not, then why isn't restrictedTraverse used?
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
More information about the Zope
mailing list