[z3-five] Unexpectedly unprotected code
Chris Withers
chris at simplistix.co.uk
Tue Jan 30 08:50:00 CET 2007
Philipp von Weitershausen wrote:
> Sidnei da Silva wrote:
>> On 1/29/07, Chris Withers <chris at simplistix.co.uk> wrote:
>>> Why can an anonymous user cause a view they have no rights to see to be
>>> instantiated?
>>
>> I guess that because you need acquisition context to check rights, and
>> you need an instance to have acquisition context.
>
> Absolutely correct.
Am I right in thinking Zope 3's security machinery doesn't have this
problem?

Are there any plans to move Zope 2 to Zope 3's security machinery?

cheers,

Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk