On 28/10/2011 08:46, yuppie wrote:
> Is that the fault of the publisher? AFAICT the biggest security problem
> of Zope2 is this line in OFS.SimpleItem.Item:
>       # Allow (reluctantly) access to unprotected attributes
>       __allow_access_to_unprotected_subobjects__=1
> I'm not familiar with the details of the first hotfix, but the second
> one wouldn't have been necessary without that line.

Yep, that's what should have been done in the first place.



Simplistix - Content Management, Batch Processing & Python Consulting
             - http://www.simplistix.co.uk
Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - 
 https://mail.zope.org/mailman/listinfo/zope )

Reply via email to