[z3-five] Unexpectedly unprotected code
Sidnei da Silva
sidnei at enfoldsystems.com
Tue Jan 30 00:02:20 CET 2007
On 1/29/07, Chris Withers <chris at simplistix.co.uk> wrote:
> Why can an anonymous user cause a view they have no rights to see to be
> instantiated?
I guess that because you need acquisition context to check rights, and
you need an instance to have acquisition context.
--
Sidnei da Silva
Enfold Systems http://enfoldsystems.com
Fax +1 832 201 8856 Office +1 713 942 2377 Ext 214
More information about the z3-five
mailing list