Hi Terry,

Terry Kerr wrote:
> you can write anything destructive, whether it is an external method, a DTML
> Method, or basically anything.  At least if the only way you can import .zexp's
> is from the import directory, then only people with access to the zope file
> structure can import stuff...that will usually be restricted to system
> administrators or superuser people.

Hm. I dont see the point here. First you can restrict the ability to
Export/Import in the users role.
Second, the either the superuser has to be bothered with imports or
you have to grant all the people access to the file system.
This would be much lesser security as beeing able to import via web.

May be I schould have a deeper look at the ownership-problem.

Giving the importing user ownership over all objects (s)he imports
as long it is not the superuser, schould do the trick.


Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to