Philipp von Weitershausen wrote:
Piotr Chamera wrote:
I have removed proxies because I stored selected objects in attribute of
another object with forms generated from schema. But I probably can
remove proxy in set method of that attribute (property) or ... what else
can I store as reference to object in attribute of another object to be
Security proxies can't be stored. They're created upon access. Unless
you *really* know what you're doing, removeAllProxies or
removeSecurityProxies should not occur in your application code. If it
does, it's likely to cause security holes.
I have two objects "author" and "work" in many to many relationship.
I want to store works related to given author in author's attribute and
authors in atribute of work.
.setAuthors  <---- form <---- authors vocabulary <---- 
 ----> works vocabulary ----> form ----> .setWorks 
As You pointed, removing proxy in point  is insecure.
If I pass proxy to vocabulary (can I?) and remove proxy in point  is
it insecure too?
How can I achieve this design in secure way?
Zope3-users mailing list