Philipp von Weitershausen wrote:
Piotr Chamera wrote:


I have removed proxies because I stored selected objects in attribute of
another object with forms generated from schema. But I probably can
remove proxy in set method of that attribute (property) or ... what else
can I store as reference to object in attribute of another object to be
secure?

Security proxies can't be stored. They're created upon access. Unless
you *really* know what you're doing, removeAllProxies or
removeSecurityProxies should not occur in your application code. If it
does, it's likely to cause security holes.

I have two objects "author" and "work" in many to many relationship.
I want to store works related to given author in author's attribute and authors in atribute of work.

    .setAuthors [2] <---- form <---- authors vocabulary <---- [1]
work                                                              author
     [1] ---->  works  vocabulary  ----> form ----> .setWorks [2]

As You pointed, removing proxy in point [1] is insecure.
If I pass proxy to vocabulary (can I?) and remove proxy in point [2] is it insecure too?

How can I achieve this design in secure way?

Piotr Chamera



_______________________________________________
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users

Reply via email to