Pierre-Julien Grizel wrote:
> Hum... A possible way to solve this problem is to practice the "you
> can't do ANYTHING but..." policy... And, thus, according proxy roles to
> the methods that must access it, such as index_html.
> I know it's constraining but with a little work we can end up with
> something quite secure & secret.

It's not secret, you can still use /objectIds and /objectValues to find
out about things...
Secure, yes it is that.
But, it's a lot more than a little work.

What I was suggesting was something to do the grunt work of all this
with the same outcome.

oh well...


Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to