Hi Markus

> Subject: [Zope3-Users] Trusted traversers in z3c.layer:
> security concerns

[...]

> Since I can't believe that everybody else using `z3c.form` is
> also using trusted traversers, I wonder if I am missing
> something crucial here ...

I don't have time right now, but we will meet at the sprint in Boston. I'd like to take a closer look at that then.

As far as I can remember, there is another issue with the traverser, which resolves its name with context.__parent__ instead of adapting the parent object's traverser. I'd also like to take a look at this.

Stephan and I had a couple of discussions about writing an introspection test framework which shows us what can be accessed and what cannot, based on the configure.zcml directives registered all over the project.

Probably we can take another look at this and write some minimal hacker tool which tries to hack a running server by trying to access all views and adapters etc. Such a tool should also be able to generate a PDF report showing the security settings. But that's another story...

Regards
Roger Ineichen

> Regards,
>
> Markus Kemmerling
>
> Medical University Vienna
> Core Unit for Medical Education
> P.O. Box 10 A-1097 Vienna
> phone: +43-1-40 160-36 863 fax: +43-1-40 160-93 65 00
> http://www.meduniwien.ac.at/bemaw/
>
>
> _______________________________________________
> Zope3-users mailing list
> Zope3-users@zope.org
> http://mail.zope.org/mailman/listinfo/zope3-users