----- Original Message ----- From: "Mark, Jonathan (Integic)" <[EMAIL PROTECTED]>
To: "Jonathan" <[EMAIL PROTECTED]>; <zope@zope.org>
Sent: Friday, January 26, 2007 2:32 PM
Subject: RE: [Zope] Is there any way to turn off the publishing of externalmethods to the web in Zope?

Using a proxy role on the calling Python Script worked. My guess is that a clever hacker could call the Python Script continually and then create a race condition that would permit him to call the External Method directly in a URL, thus passing the External Method his own malicious parameters.

That's why i suggested, in an earlier response, a URL test within the external method.

Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to