If it is an issue for XML-RPC users, maybe there should be a
"Traversable" permission on Folder objects that could default to not
allowing web-traversal, but allowing it to be enabled if desired.

Would this affect FTP access to folders?


Brian Lloyd wrote:

> This is something that has come up before. I propose
> that the real problem here is that 'objectIds' should
> not be web-traversable.
> I have, in fact, proposed this before. It caused a bit
> of grumbling among people using xml-rpc, who were using
> objectIds remotely, so we never came to closure on it.
> This comes up often enough that I'm inclined to do
> something about it for 2.3. I propose that objectIds
> (and objectValues) will not be directly accessible
> via the Web in 2.3. For xml-rpc applications, it should
> be a simple enough task to create a Python Script (or
> even a DTML Method) that *is* Web accessible to relay
> that information if it is needed.
> Thoughts?
> Brian Lloyd        [EMAIL PROTECTED]
> Software Engineer  540.371.6909
> Digital Creations  http://www.digicool.com

Paul Erickson       | [EMAIL PROTECTED]
Kaivo, Inc.         | www.kaivo.com

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to