Jens Vagelpohl wrote at 2005-11-20 19:01 +0100: > ... >IMHO proxy roles should be used extremely sparingly, if at all. They >are a last resort and I personally never use them. Matter of fact I >believe having to use them means the application design could use >some improvement... > >If something needs to be done with elevated privileges it should be >in filesystem product code or, if that is not feasible, in an >external method. At least that's my philosophy ;)
You have lost the thread's start: George's problem has been that he could not move an object in an *EXTERNAL METHOD*, i.e. in trusted filesystem code. He would have the same problem in a filesystem product. The problem is that "CopySupport" performs a local security check (in "_verifyObjectPaste") independent from its caller (it does not matter whether the rename/move/copy was called from trusted or untrusted code). With appropriate proxy roles, an untrusted Python Script can perform some rename/move/copy that trusted code is unable to perform. I assume you can agree that this is a somewhat unsane situation... -- Dieter _______________________________________________ Zope maillist - [email protected] http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
