Michael Shulman wrote:
I don't understand what inheriting proxy roles from callers has to do
with allowing users to access protected resources above their user
folders. They seem like totally different questions to me. Could you
please explain?
Nothing, different threads, crossed wires, nothi
David wrote:
I just disagree. If theres a paranoia with the standard set of roles
then prevent *those* from upward acquisition. But if I add a role
*specifically* so it can access a common code pool,
Security is hard enough as it is, special cases like this are something
that Zoep 2 has en
Tres Seaver wrote:
The prior behavior (allowing users to access protected resources "above"
the domain of their user folders) was a security hole caused by a bug,
and was never documented as allowable: correcting it was a matter for a
rather urgent fix, as it broke the explicitly-documented mode
Tres Seaver wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael Shulman wrote:
On 2/15/06, Chris Withers <[EMAIL PROTECTED]> wrote:
But... it's still not working for my real site. I think the issue is
this. If script1 has proxy role Manager, an