Andreas Jung wrote:
> On 29.06.09 12:48, yuppie wrote:
>> 3.) remove security declarations from ZCTextIndex and DateRangeIndex
>> All the other indexes don't have security declarations. AFAICS there is
>> no way to access indexes from untrusted code without having the 'Manage
>> ZCatalogIndex Entries' permission.
> I think that all index implementation should have security assertions?!
'_catalog.indexes' is protected by the underscore and using the
'Indexes' alias is protected by 'Manage ZCatalogIndex Entries'. Only
additional security restrictions would have any effect.
Or am I missing a security hole?
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -