On 28/10/2011 08:46, yuppie wrote: > Is that the fault of the publisher? AFAICT the biggest security problem > of Zope2 is this line in OFS.SimpleItem.Item: > > # Allow (reluctantly) access to unprotected attributes > __allow_access_to_unprotected_subobjects__=1 > > I'm not familiar with the details of the first hotfix, but the second > one wouldn't have been necessary without that line.
Yep, that's what should have been done in the first place. cheers, Chris -- Simplistix - Content Management, Batch Processing & Python Consulting - http://www.simplistix.co.uk _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )