[Zope3-checkins] CVS: Zope3/src/zope/products/apidoc -
configure.zcml:1.3
Philipp von Weitershausen
philikon at philikon.de
Wed Feb 4 07:22:59 EST 2004
Update of /cvs-repository/Zope3/src/zope/products/apidoc
In directory cvs.zope.org:/tmp/cvs-serv6613
Modified Files:
configure.zcml
Log Message:
The API doc utility was accessable by anonymous. This could lead to a
potential security leak; even if not, it's giving away too much
information.
This protects the utility with the zope.ManageApplication permission. If
somebody comes up with a more suitable permission, please feel free to
apply that one instead then.
=== Zope3/src/zope/products/apidoc/configure.zcml 1.2 => 1.3 ===
--- Zope3/src/zope/products/apidoc/configure.zcml:1.2 Fri Jan 30 18:19:23 2004
+++ Zope3/src/zope/products/apidoc/configure.zcml Wed Feb 4 07:22:58 2004
@@ -3,7 +3,10 @@
i18n_domain="api_doc">
<class class=".APIDocumentation">
- <allow interface="zope.app.interfaces.container.IReadContainer" />
+ <require
+ interface="zope.app.interfaces.container.IReadContainer"
+ permission="zope.ManageApplication"
+ />
</class>
<traversalNamespace
More information about the Zope3-Checkins
mailing list