Evan -
I believe I have found a situation while using python methods that
exposes a security hole. A user that can create python methods can
grant the Manager role to himself by simply writing and then calling
the manage_users method. This issue might also apply to other
scenarios.
I created a
Will start from MS-Dos? Starting it using the start.bat file will produce an
output of errors encoutered.
--
Andy McKay.
- Original Message -
From: "Nai A. Tzeo" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, January 30, 2001 5:31 PM
Subject: [Zope-dev] Zope Service Won't S
Hello,
I've encountered a slight problem. My company is running Zope as an NT
service and it's been running great for a few months but it stopped working
today. I was installing ZmxODBCDA by copying the files from the zip to
Zope. After copying the files over, I restarted Zope via NT Service.
On Tue, 30 Jan 2001, Chris Withers wrote:
> Hi,
>
> How active/relevant is the interfaces wiki at:
> http://www.zope.org/Members/michel/Projects/Interfaces
Not active, mostly relevant.
> I'm trying to figure out how RoleManagers, local roles, etc work and where the
> work of Zope Security is a
Ross,
Can you file this in the collector? I believe you. :-)
- Original Message -
From: "Ross Lazarus" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, January 30, 2001 11:14 AM
Subject: [Zope-dev] 2.30 help system authentication problem?
> I never allow anonymous to have a
I never allow anonymous to have any permissions in my zope root and I
have just noticed that I have to grant the view right to anonymous or
the help button gives me an authentication error - even when I'm logged
in as manager/owner.
Is it just me? New 2.30 source install on solaris 2.6 using an o
It's an abortive effort to write up developer docs for Zope. I hope to
revive it. There's an outline at
http://www.zope.org//Wikis/Docs/ProductDevelopersGuide that I hoped to
accomplish. It's not quite there yet. ;-)
- Original Message -
From: "Chris Withers" <[EMAIL PROTECTED]>
To:
Hi folks,
It turns out that the released versions of the CookieCrumbler product have
a terrible security hole. I recommend you uninstall it immediately.
I'm not going to be able to deal with the problem fully today, but if
you're interested in getting a solution right away you can grab today's
Chris McDonough wrote:
>
> This might be helpful:
>
> http://www.zope.org/Members/mcdonc/PDG/6-1-Security.stx
Cool... I'll take a look. BTW, what's the PDG? I hadn't heard of it before...
cheers,
Chris
___
Zope-Dev maillist - [EMAIL PROTECTED]
ht
This might be helpful:
http://www.zope.org/Members/mcdonc/PDG/6-1-Security.stx
- Original Message -
From: "Chris Withers" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, January 30, 2001 8:58 AM
Subject: [Zope-dev] Interfaces Wiki & Security Stuff
> Hi,
>
> How active/releva
Hi,
How active/relevant is the interfaces wiki at:
http://www.zope.org/Members/michel/Projects/Interfaces
I'm trying to figure out how RoleManagers, local roles, etc work and where the
work of Zope Security is actually done.
I've found ZopeSecurityPolicy.py and bits of stuff in Roles.py, and a f
11 matches
Mail list logo