Paul Winkler wrote:
On Wed, Mar 08, 2006 at 10:52:09PM +0100, yuppie wrote:
You could access the edit view with 'edit.html' instead of '@@edit.html', but that has a major drawback: View names are not protected in any way if used without '@@'. You can easily screw up your site by adding content with the ID 'edit.html'.


Could you elaborate?  Does "not protected" mean that security
is bypassed??? or what?

Sorry. I thought the context makes clear what I mean. Protected against overriding. Any user who is allowed to add content can override them with content objects.

Cheers, Yuppie

_______________________________________________
Zope-CMF maillist  -  Zope-CMF@lists.zope.org
http://mail.zope.org/mailman/listinfo/zope-cmf

See http://collector.zope.org/CMF for bug reports and feature requests

Reply via email to