ethan mindlace fremen writes:
 > Now every object executes according to the permission of the owner,
 > *not* the viewer. It can also run as a proxy role.  The
 > super-bootstrap-user lives outside of "normal" zope authentication & has
 > permission to do anything save that which NotEvenGodShouldDo. 
 > Therefore, it shouldn't own objects.
Am I really expected to understand this "Therefore"?
In fact, I do not!

Does it mean that a Superuser can execute any method with
*ITS* privileges and not the intersection of its privileges
with the owner's privileges?
I hope (and expect) not!

Why is it much worse when an object is owned by Superuser
than by a manager?
What are the differences with respect to the Trojan Horse
or other security issues?


Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **