> Is this the __allow_access_to_unprotected_subobjects__=1 within the
> Posting class you're referring to? 

It is indeed...

> How big of an issue is it using this
> within Squishdot, I mean, what kind of malicious things could be done to a
> Squishdot site with it set?

Well, it's not going to be any worse that it was before.
In short, I don't know, but I'm not happy with it being in there.

Also, if Zope has some problems in this area, I'd like to find them and
help them get sorted out, for everyone's benefit...

> Do you have any working ideas on how to deal with it without
> _allow_access...=1 ?

I'm playing now ;-)



Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to