[z3-five] Unexpectedly unprotected code
Philipp von Weitershausen
philipp at weitershausen.de
Tue Jan 30 15:12:28 CET 2007
On 30 Jan 2007, at 08:50 , Chris Withers wrote:
> Philipp von Weitershausen wrote:
>> Sidnei da Silva wrote:
>>> On 1/29/07, Chris Withers <chris at simplistix.co.uk> wrote:
>>>> Why can an anonymous user cause a view they have no rights to
>>>> see to be
>>>> instantiated?
>>>
>>> I guess that because you need acquisition context to check
>>> rights, and
>>> you need an instance to have acquisition context.
>> Absolutely correct.
>
> Am I right in thinking Zope 3's security machinery doesn't have
> this problem?
Zope 3's security machinery certainly can't work around the fact that
you first have to instantiate an adapter (=view) before you can make
security assertions on it. In Zope3, therefore, app code doesn't
belong in a view's __init__ either.
As for having acquisition contexts, the default security policy in
Zope 3 wants views to have __parent__ so that it can acquire security
information. This decision isn't part of the security machinery of
Zope3, it's a policy choice.
> Are there any plans to move Zope 2 to Zope 3's security machinery?
Jim has remote plans and Martijn has some wild ideas. I don't see it
happening any time soon, though. It's also not the issue here.
More information about the z3-five
mailing list