Hi, During the development of my application I suddenly noticed that my context-objects had no security proxy around them, which is bad, as then data is open to everyone.
After searching and fiddling around, I recognized that this happens when I use a layer/skin that inherits from z3c.layer.pagelet.IPageletBrowserLayer. If I inherit from e.g. zope.publisher.interfaces.browser.IBrowserRequest, things work. To prove this, I attached a minimal demonstration to this mail - in the __init__.py file, the offending code is demonstrated. After installing and adding the object via the ZMI, one can access these links: http://localhost:8080/MyappSite/index.html http://localhost:8080/++skin++Myapp/MyappSite/index1.html It can be seen, that the second link, which is based on a skin inheriting from the IPageletBrowserLayer, has no security proxies around the context. Interestingly, I develop another application, which is also based on IPageletBrowserLayer which does not suffer from this problem, so I don't really understand what's happening. I tried to debug the problem but I was stuck at the implementation of queryMultiAdapter which seems to somehow magically remove the security Proxy. I tested this with Python 2.4.4, Zope-3.4.0b2 and Zope-3.4.0c1 and the current SVN-versions of z3c.layer. Do you have any clue how to solve this problem? Best Regards, Hermann -- [EMAIL PROTECTED] GPG key ID: 299893C7 (on keyservers) FP: 0124 2584 8809 EF2A DBF9 4902 64B4 D16B 2998 93C7
myapp.tgz
Description: application/tgz
_______________________________________________ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
