Re: [Zope-dev] Zope 4 publisher/traversal, sprint topic

Chris Withers Fri, 28 Oct 2011 01:39:07 -0700

On 28/10/2011 08:46, yuppie wrote:
> Is that the fault of the publisher? AFAICT the biggest security problem
> of Zope2 is this line in OFS.SimpleItem.Item:
>
>       # Allow (reluctantly) access to unprotected attributes
>       __allow_access_to_unprotected_subobjects__=1
>
> I'm not familiar with the details of the first hotfix, but the second
> one wouldn't have been necessary without that line.


Yep, that's what should have been done in the first place.

cheers,

Chris

-- 
Simplistix - Content Management, Batch Processing & Python Consulting
             - http://www.simplistix.co.uk
_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
https://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 https://mail.zope.org/mailman/listinfo/zope-announce
 https://mail.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] Zope 4 publisher/traversal, sprint topic

Reply via email to