Re: Voodoo with ModuleSecurityInfo, was Re: [Zope] importing encode_base64

Dieter Maurer Fri, 10 Jun 2005 13:43:51 -0700

Paul Winkler wrote at 2005-6-9 15:42 -0400:
> ...
>> >ModuleSecurityInfo('Products.FooProduct').declarePublic(
>> >    'blah', 'foo')
>> 
>> This allows something like:
>> 
>>      from Products.FooProduct import foo
>> 
>> But, in fact, you use
>> 
>>      from Products.FooProduct import Utils
>>      ... Utils.foo ...
>> 
>> Strange, that it worked at all...
>
>Yeah, I think I just happened to hit on some undocumented
>behavior that *mostly* works.


Maybe, you should file a bug report:

  Undocumented security related features might be viewed
  as security holes...
  Especially, if something unexpectedly becomes possible...

  However, I think, this one in not overly critical.


-- 
Dieter
_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: Voodoo with ModuleSecurityInfo, was Re: [Zope] importing encode_base64

Reply via email to