[z3-five] Unexpectedly unprotected code
Philipp von Weitershausen
philipp at weitershausen.de
Tue Jan 30 00:06:16 CET 2007
Sidnei da Silva wrote:
> On 1/29/07, Chris Withers <chris at simplistix.co.uk> wrote:
>> Why can an anonymous user cause a view they have no rights to see to be
>> instantiated?
>
> I guess that because you need acquisition context to check rights, and
> you need an instance to have acquisition context.
Absolutely correct.
--
http://worldcookery.com -- Professional Zope documentation and training
Next Zope 3 training at Camp5: http://trizpug.org/boot-camp/camp5
More information about the z3-five
mailing list