"R. David Murray" wrote:
> > 1) Why does SimpleItem still have this?! Since so much, IIRC, is derived
> > from SimpleItem.Item, surely this goes very much against the grain of
> > 'everything should be protected unless I say otherwise'?
> If you read the docs about the 2.2 security changes, you'll find the
> explication.  Summary:  this is a transitional step.

IIRC, Brian checked in the change, found that it broke stuff and then
reluctantly added this in.
I suppose it's godo to bear in mind :-)

> > 2) Why does having __allow_access_to_unprotected_subobjects__=1 mean
> > that the 'start with _ = hidden/no DTML, no web Access' ruel applies?
> I don't think that's what he meant.  I think he meant that keeping
> that _ behavior was necessary because most objects still use the
> older 'wide open' security model.  But I could be wrong.

Hmm, I'm gonna try and phrase a proposal on dev.zope.org that might
cover this :S



Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to