On 22 Nov 2005, at 20:08, Dieter Maurer wrote:
You have lost the thread's start:

  George's problem has been that he could not move an object
  in an *EXTERNAL METHOD*, i.e. in trusted filesystem code.

  He would have the same problem in a filesystem product.

  The problem is that "CopySupport" performs a local security
  check (in "_verifyObjectPaste") independent from its caller
  (it does not matter whether the rename/move/copy was
  called from trusted or untrusted code).

With appropriate proxy roles, an untrusted Python Script can perform some
  rename/move/copy that trusted code is unable to perform.

I assume you can agree that this is a somewhat unsane situation...

Yes, that's very odd...  thanks for reminding me of the thread's start!


Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to