[Zope3-checkins] CVS: Zope3/src/zope/products/apidoc - configure.zcml:1.3

Philipp von Weitershausen philikon at philikon.de
Wed Feb 4 07:22:59 EST 2004


Update of /cvs-repository/Zope3/src/zope/products/apidoc
In directory cvs.zope.org:/tmp/cvs-serv6613

Modified Files:
	configure.zcml 
Log Message:
The API doc utility was accessable by anonymous. This could lead to a
potential security leak; even if not, it's giving away too much
information.
This protects the utility with the zope.ManageApplication permission. If
somebody comes up with a more suitable permission, please feel free to
apply that one instead then.


=== Zope3/src/zope/products/apidoc/configure.zcml 1.2 => 1.3 ===
--- Zope3/src/zope/products/apidoc/configure.zcml:1.2	Fri Jan 30 18:19:23 2004
+++ Zope3/src/zope/products/apidoc/configure.zcml	Wed Feb  4 07:22:58 2004
@@ -3,7 +3,10 @@
   i18n_domain="api_doc">
 
   <class class=".APIDocumentation">
-    <allow interface="zope.app.interfaces.container.IReadContainer" />
+    <require
+        interface="zope.app.interfaces.container.IReadContainer"
+        permission="zope.ManageApplication"
+        />
   </class>
 
   <traversalNamespace




More information about the Zope3-Checkins mailing list