On Thu, 30 May 2002, Chris Withers wrote: > > People will be really confused to see such results: > > > > http://www.zope.org/Documentation/ZopeBook/Documentation > > http://www.zope.org/Images > > Why would they see such URLs?
Normally would not. But if I know such a site is managed by Zope, I can easily find such a URL with dead loops. I don't know how search engines like Google handles this situation, at least it will cause unnecessary traffic to the site once a bad guy just simply publish the URL on their own page. I'm a little bit new to Zope. I don't yet have a lot of my own objects created under Zope. But I think there might be some objects like methods or scripts that is URL-sensitive. It will adds lots of tasks to the script itself to filter off unexpected request URLs to avoid generating errors that may turn into security holes. > > > Is there a way to setup an object to be uninheritable or as private to > > avoid this logic? Or maybe we should workout a way to do so. > > If you're interested, take a look at Zope 3. However, in your case, you probably > need to worry more about why you're generating URLs like the ones above rather > than the fact that it is possible to do so. Hackers everywhere. :) Wei He _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )