In article <[EMAIL PROTECTED]>,
Brian Lloyd  <[EMAIL PROTECTED]> wrote:
> > How come you can browse things like the objectIds and objectValues
> > methods through the web? Surely this is exposing information 
> > that people
> > shouldn't really know about?
> You're right - and stop calling me shirley. :) This is something of

Hmm, another ZAZ fan :-)

> a holdover from the bobo days - if you are a method and you have a
> docstring, you are accessible through the web (but still subject to 
> the std security rules). objectIds and objectValues are a good 
> example of things that really only want to be used from DTML and 
> thus shouldn't have docstrings. I've changed this (and a few other
> iffy methods) for the next release.

Won't this break Amos' XML-RPC-based editor and similar hacks?

Can't you just turn off 'Access contents information' permission or
whatever it is on a folder if you don't want people to call
those things trough the web?

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to