[Zope3-Users] Re: Permissions for updateOrder() on OrderedContainer
Arne Nordmann
mail at arne-nordmann.de
Thu Aug 10 04:11:05 EDT 2006
Hi Phillip,
I didn't spend much time in finding out about removeAllProxies. This
trick came to me along with a serious warning via email as an answer to
my mailing list message.
I just used this cheating to find out, if the way I'm going besides that
is possible. Now that I know, that it's working, I will read the other
answers carefully and will try to understand what's going on there and
how I can do it without ignoring this red, blinking lamp :)
Thanks for your support,
Arne
Philipp von Weitershausen schrieb:
> Arne Nordmann wrote:
>>> thank you very much indeed for your answers. I use
>>> removeAllPermissions() at the moment to have an ad hoc solution and
>>> now will busy myself with your ideas.
>> For the sake of correctness: I ment to write removeAllProxies()
>
> removeAllProxies simply disables security checking. Big red warning
> lights should go on in your head whenever you want to use it.
>
> It seems like you invested some time in finding out about
> removeAllProxies instead of following our advice. Tom Dossis even
> spelled it out for you. If you choose to ignore this, you're on your
> own. Don't expect Zope to do much security for you when you ignore its
> system completely.
>
> Philipp
More information about the Zope3-users
mailing list