On Wed, 10 Apr 2002 01:30:56 +0300, Myroslav Opyr <[EMAIL PROTECTED]> wrote:
>Is Anonymous able to get out of the shared
>object to secure environment?

User X is designated as a manager of folder /Xfolder. In today's Zope /Xfolder is a secure environment.... He has no authority over objects outside that folder, thanks to aq_inContextOf.

Can he create links to objects outside that folder? Links would be pretty useless if not. A common use case would be to create a link /XFolder/banner.gif to /stock_images/banners/mono.gif (for example).

However if that is allowed, he now has management rights over that image object. I don't see how 'hard links' can possibly avoid this problem.

Toby Dickenson
[EMAIL PROTECTED]
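
The scoping problem raised in the message above, as an added example that is not part of the original post and is not Zope code. It is a simplified model in which roles granted on a folder apply to anything reached through that folder; `Obj`, `resolve`, `roles_in_context` and `hard_link` are hypothetical names, and the site layout is constructed from the paths in the message.

```python
# Simplified model (not Zope code): local roles are granted on folders and
# apply to whatever object is reached by traversing through that folder.

class Obj:
    def __init__(self, name):
        self.name = name
        self.children = {}      # id -> Obj
        self.local_roles = {}   # user -> set of roles granted at this node

    def add(self, obj_id, obj):
        self.children[obj_id] = obj
        return obj


def resolve(root, path):
    """Return the chain of objects traversed for a path such as '/a/b'."""
    chain = [root]
    for part in (p for p in path.split("/") if p):
        chain.append(chain[-1].children[part])
    return chain


def roles_in_context(root, path, user):
    """Roles the user holds on the object at `path`, collected along that path."""
    roles = set()
    for node in resolve(root, path):
        roles |= node.local_roles.get(user, set())
    return roles


def build_site():
    """Constructed sample site using the paths from the message."""
    root = Obj("root")
    xfolder = root.add("Xfolder", Obj("Xfolder"))
    stock = root.add("stock_images", Obj("stock_images"))
    stock.add("banners", Obj("banners")).add("mono.gif", Obj("mono.gif"))
    xfolder.local_roles["X"] = {"Manager"}   # X manages /Xfolder only
    return root


def hard_link(root, target_path, folder_path, link_id):
    """Hypothetical 'hard link': the same object gains a second container."""
    target = resolve(root, target_path)[-1]
    resolve(root, folder_path)[-1].add(link_id, target)
```

With a single containment path per object the question "is this object inside /Xfolder?" has one answer; once the same object is reachable through two containers, the answer depends on which path was used to reach it.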