On Mon, 26 Jun 2000 11:25:51 -0400, Brian Lloyd <[EMAIL PROTECTED]>
wrote:
>As promised, I've written up a guide for product authors that
>talks about the security changes in Zope 2.2+, what they mean
>to product authors and how to ensure that your products work
>with 2.2:
Thanks, that is a useful resource.
>http://www.zope.org/Documentation/How-To/ProductAuthorUpdateGuide/index_html
But it has raised some questions......
Firstly, how does the presence of
__allow_access_to_unprotected_subobjects__=1 in a class affect access
to attributes in derived classes? Does it affect the whole instance,
or just attributes of the class that includes it. In the following
example I know subobject_2 is accessible, but what about the others?
class a:
def subobject_1(self):
return 1
class b(a):
__allow_access_to_unprotected_subobjects__=1
def subobject_2(self):
return 2
class c:
def subobject_3(self):
return 3
class d(b,c):
def __init__(self):
self.subobject_4 = 4
def subobject_5(self):
return 5
Secondly, I am confused that there have not been any security changes
in ObjectManager.py and PropertyManager.py. As I understand it, the
subobjects that they manage (ie properties and folder items) now fall
into the inaccessible-by-default category. What am I missing?
Toby Dickenson
[EMAIL PROTECTED]
_______________________________________________
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
