On Wed, 10 Apr 2002 01:30:56 +0300, Myroslav Opyr

>Is Anonymous able to get out of the shared 
>object to secure environment?

User X is designated as a manager of folder /Xfolder. In todays Zope
/Xfolder is a secure environment.... He has no authority over objects
outside that folder, thanks to aq_inContextOf

Can he create links to objects outside that folder?

Links would be pretty useless if not. A common use case would be to
create a link /XFolder/banner.gif to /stock_images/banners/mono.gif
(for example).

However if that is allowed, he now has management rights over that
image object.

I dont see how 'hard links' can possibly avoid this problem.

Toby Dickenson

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists -
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to