ethan mindlace fremen writes:
> Now every object executes according to the permission of the owner,
> *not* the viewer. It can also run as a proxy role. The
> super-bootstrap-user lives outside of "normal" zope authentication & has
> permission to do anything save that which NotEvenGodShouldDo.
> Therefore, it shouldn't own objects.

Am I really expected to understand this "Therefore"? In fact, I do not!

Does it mean that a Superuser can execute any method with *ITS* privileges and not the intersection of its privileges with the owner's privileges? I hope (and expect) not!

Why is it much worse when an object is owned by Superuser than by a manager? What are the differences with respect to the Trojan Horse or other security issues?

Dieter

_______________________________________________
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )