ethan mindlace fremen writes:
 > Now every object excecutes according to the permision of the owner,
 > *not* the viewer. It can also run as a proxy role.  The
 > super-bootstrap-user lives outside of "normal" zope authentication & has
 > permission to do anything save that which NotEvenGodShouldDo. 
 > Therefore, it shouldn't own objects.
Am I really expected to understand this "Therefore"?
In fact, I do not!

Does it mean, that a Superuser can execute any method with
*ITS* privileges and not the intersection of its priviledges
with the owners privileges?
I hope (and expect) not!

Why is it much worse when an object is owned by Superuser
than by a manager?
What are the differences with respect to the Trojan Horse
or other security issues?


Dieter

_______________________________________________
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to