Re: [Zope-dev] Possible security problem with DTML
On Fri, 2003-03-21 at 20:08, kosh wrote: I am having a problem where DTML is allowing access to an attribute of an object that restrictedTraverse and regular . notation denies from a python script. This is pretty serious. You should post this as a bug in the collector. Cheers, Leo -- Ideas don't stay in some minds very long because they don't like solitary confinement. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Possible security problem with DTML
On Monday 24 March 2003 09:05 am, Leonardo Rochael Almeida wrote: On Fri, 2003-03-21 at 20:08, kosh wrote: I am having a problem where DTML is allowing access to an attribute of an object that restrictedTraverse and regular . notation denies from a python script. This is pretty serious. You should post this as a bug in the collector. Cheers, Leo Yeah I will report this to the collector I just wanted to see if anyone else had seen this or thought it was a bug or some really weird thing that is supposed to happen but not documented. It would not be the first time that zope had some really strange stuff in it. ;) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Possible security problem with DTML
On 03/24/2003 12:28 PM, kosh wrote: On Monday 24 March 2003 09:05 am, Leonardo Rochael Almeida wrote: On Fri, 2003-03-21 at 20:08, kosh wrote: I am having a problem where DTML is allowing access to an attribute of an object that restrictedTraverse and regular . notation denies from a python script. This is pretty serious. You should post this as a bug in the collector. Cheers, Leo Yeah I will report this to the collector I just wanted to see if anyone else had seen this or thought it was a bug or some really weird thing that is supposed to happen but not documented. It would not be the first time that zope had some really strange stuff in it. ;) Are you talking about a DTMLFile in a Python product? DTMLFiles do not check security (nor do they normally need to, since they are trusted). Shane ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )