On Thu, 30 May 2002, Chris Withers wrote:

> > People will be really confused to see such results:
> > 
> > http://www.zope.org/Documentation/ZopeBook/Documentation
> > http://www.zope.org/Images
> Why would they see such URLs?

Normally they would not. But if I know such a site is managed by Zope, I can 
easily find such a URL with dead loops. I don't know how search engines 
like Google handle this situation; at least it will cause unnecessary 
traffic to the site once a bad guy simply publishes the URL on their 
own page.

I'm a little bit new to Zope. I don't yet have a lot of my own objects
created under Zope. But I think there might be some objects like 
methods or scripts that are URL-sensitive. It will add lots of
tasks to the script itself to filter out unexpected request URLs to avoid
generating errors that may turn into security holes.

> > Is there a way to set up an object to be uninheritable or as private to
> > avoid this logic? Or maybe we should work out a way to do so.
> If you're interested, take a look at Zope 3. However, in your case, you probably
> need to worry more about why you're generating URLs like the ones above rather
> than the fact that it is possible to do so.

Hackers everywhere. :)

Wei He
