-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In lp:142868 , Jamie Heilmann makes what seems to me to be a good case for removing the current feature which allows suppression Zope2 access rules and site roots via adding tokens to the URL. I find the argument convincing, in spite of having used the feature to get passed a broken site access rule at more than one time in the past. In essence, the feature is a convenience for those who *could* get to the filessystem and restart the server with the equivalent environment variables, but a "jailbreak" for those who could not.
Can anyone presetn a credible defense of the feature? If so, please follow up to the Launchpad issue. I plan to remove the URL based suppression (but ont the part based on os.environ) by the end of the week, unless folks point out issues I have mised. 1 https://bugs.launchpad.net/bugs/142878 Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkvzPcwACgkQ+gerLs4ltQ6wFwCgtUwYRqXWp5FrBzHFM6lmN+1C IsIAoMd8Vrvxasef5JTcbRO3rsgehKS3 =1zlI -----END PGP SIGNATURE----- _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )