Brian Lloyd wrote:
I don't have a good answer for you, though I tend to agree with
you that some things just don't want to be accessed outside of
some larger context. I'd like to hear some different viewpoints
on how people think something like this should work...
What the difference
Brian Lloyd wrote:
Yes you could, except that you would also make them inaccessible
from DTML (or from anywhere else) for the same class of users.
Is it really acceptable that in order to use dtml-in objectIds
on a page that needs to be accessible to anonymous users that I
must grant
Martijn Faassen wrote:
Brian Lloyd wrote:
Yes you could, except that you would also make them inaccessible
from DTML (or from anywhere else) for the same class of users.
Is it really acceptable that in order to use dtml-in objectIds
on a page that needs to be accessible to anonymous
Martijn Faassen wrote:
Various things. What you'd need is turn off 'view' permission by
default for just about *everything* except possibly DTML Documents,
otherwise it's just too easy to set up a site that exposes too
much. Exposure to URLs should be turned off by default.
Well, this is why