On Mon, 26 Jun 2000 11:25:51 -0400, Brian Lloyd <[EMAIL PROTECTED]>

>As promised, I've written up a guide for product authors that 
>talks about the security changes in Zope 2.2+, what they mean 
>to product authors and how to ensure that your products work 
>with 2.2:

Thanks, that is a useful resource.


But it has raised some questions......

Firstly, how does the presence of
__allow_access_to_unprotected_subobjects__=1 in a class affect access
to attributes in derived classes? Does it affect the whole instance,
or just attributes of the class that includes it. In the following
example I know subobject_2 is accessible, but what about the others?

class a:
    def subobject_1(self):
        return 1
class b(a):
    def subobject_2(self):
        return 2
class c:
    def subobject_3(self):
        return 3
class d(b,c):
    def __init__(self):
        self.subobject_4 = 4
    def subobject_5(self):
        return 5

Secondly, I am confused that there have not been any security changes
in ObjectManager.py and PropertyManager.py. As I understand it, the
subobjects that they manage (ie properties and folder items) now fall
into the inaccessible-by-default category. What am I missing?

Toby Dickenson

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to