[Zope] Re: Security Hole
in ZPublisher.BaseRequest.BaseRequest.traverse?
Chris Withers
chris at simplistix.co.uk
Fri Feb 18 06:50:47 EST 2005
Chris McDonough wrote:
> I never quite understood why this was the case (it is definitely
> confusing), but the fact that publisher traversal does not check each
> step has proven handy in situations where I've wanted to allow web
> access to deeply nested folders to people who don't actually have access
> to its parent folders.
Isn't that what the 'access contents information' permition is for?
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
More information about the Zope
mailing list