Re: [Zope] Is there any way to turn off the publishing of externalmethods to the web in Zope?

Jonathan Fri, 26 Jan 2007 11:30:30 -0800

----- Original Message -----From: "Mark, Jonathan (Integic)" <[EMAIL PROTECTED]>

To: "Jonathan" <[EMAIL PROTECTED]>; <[email protected]>
Sent: Friday, January 26, 2007 2:32 PM

Subject: RE: [Zope] Is there any way to turn off the publishing ofexternalmethods to the web in Zope?

Using a proxy role on the calling Python Script worked. My guess is that aclever hacker could call the Python Script continually and then create arace condition that would permit him to call the External Method directlyin a URL, thus passing the External Method his own malicious parameters.

That's why i suggested, in an earlier response, a URL test within theexternal method.

Jonathan

_______________________________________________
Zope maillist  -  [email protected]
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **

(Related lists -http://mail.zope.org/mailman/listinfo/zope-announce

http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] Is there any way to turn off the publishing of externalmethods to the web in Zope?

Reply via email to