Michael Shulman wrote:
> On 2/15/06, Chris Withers <[EMAIL PROTECTED]> wrote:
>>>But... it's still not working for my real site. I think the issue is
>>>this. If script1 has proxy role Manager, and script2 has view
>>>permissions set only for Manager, then script1 can call script2, no
>>>problem. But if script1 instead calls script3, which then calls
>>>script2, it doesn't work unless script3 *also* has proxy role Manager.
>>Yes, this was a deliberate change made a few major releases ago. I've
>>never much liked it myself for exactly the reason you describe. I wonder
>>if anyone who knows could point out why this change was made, I'm sure
>>the reasons were good...
> Even if the reasons were good, it would be nice to have an option to
> turn it on or off, even if the default is off. At the very least, it
> would be nice if this fact were documented. (Is it somewhere and I
> just missed it?) It surprised me very much, and it would have
> surprised and frustrated me even more if I'd written a site which
> worked and then later on decided to split off the functionality of
> some private script into a secondary one, unsuspecting that it would
> break the proxy roles setup.
The prior behavior (allowing users to access protected resources "above"
the domain of their user folders) was a security hole caused by a bug,
and was never documented as allowable: correcting it was a matter for a
rather urgent fix, as it broke the explicitly-documented model.
The fact that folks wrote applications which relied on the hole is
unfortunate; breaking them is better than leaving the sites built
around the defined model vulnerable to abuse.
Tres Seaver +1 202-558-7113 [EMAIL PROTECTED]
Palladion Software "Excellence by Design" http://palladion.com
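A small Python model of the rule the thread describes, added here as an example and not taken from Zope's AccessControl code: only the innermost running script's proxy roles are used to validate what it accesses, so a caller's proxy roles never flow into the scripts it calls. The script names and role sets are constructed from the scenario in the thread.

```python
from dataclasses import dataclass, field

# Constructed model of Zope-style proxy roles; not the real AccessControl code.
class Unauthorized(Exception):
    pass

@dataclass
class Script:
    name: str
    view_roles: frozenset                       # roles granted the View permission
    proxy_roles: frozenset = frozenset()        # empty means "no proxy roles"
    calls: list = field(default_factory=list)   # scripts this one invokes

def effective_roles(user_roles, stack):
    """Roles used to validate an access made from the innermost executable.
    A caller's proxy roles are not inherited: if the innermost script has
    none, the user's own roles are checked."""
    if stack and stack[-1].proxy_roles:
        return stack[-1].proxy_roles
    return user_roles

def run(script, user_roles, stack=()):
    """Validate access to `script`, then execute its callees with it on the stack."""
    if not (effective_roles(user_roles, stack) & script.view_roles):
        raise Unauthorized(f"{script.name} requires {sorted(script.view_roles)}")
    stack = (*stack, script)
    for callee in script.calls:
        run(callee, user_roles, stack)
    return True

def can_run(script, user_roles):
    try:
        return run(script, frozenset(user_roles))
    except Unauthorized:
        return False

MANAGER = frozenset({"Manager"})
ANON = frozenset({"Anonymous"})
VIEW_ALL = ANON | MANAGER                       # View granted to everyone

def scenario(script3_proxy_roles):
    """Return (script1 -> script2 works, script1 -> script3 -> script2 works)."""
    script2 = Script("script2", view_roles=MANAGER)          # View only for Manager
    script3 = Script("script3", VIEW_ALL, script3_proxy_roles, calls=[script2])
    script1 = Script("script1", VIEW_ALL, MANAGER, calls=[script3])
    direct = Script("script1", VIEW_ALL, MANAGER, calls=[script2])
    return can_run(direct, ANON), can_run(script1, ANON)
```

With no proxy roles on script3 the chained call fails while the direct call succeeds; giving script3 the Manager proxy role as well makes both succeed, which is the behaviour reported above.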
Zope maillist - Zope@zope.org