List: zope-dev
Subject: Re: [Zope-dev] Zope 4 publisher/traversal, sprint topic
From: Chris Withers <chris () simplistix ! co ! uk>
Date: 2011-10-28 8:39:11
Message-ID: 4EAA6A2F.1090006 () simplistix ! co ! uk
On 28/10/2011 08:46, yuppie wrote:
> Is that the fault of the publisher? AFAICT the biggest security problem
> of Zope2 is this line in OFS.SimpleItem.Item:
>
> # Allow (reluctantly) access to unprotected attributes
> __allow_access_to_unprotected_subobjects__=1
>
> I'm not familiar with the details of the first hotfix, but the second
> one wouldn't have been necessary without that line.
Yep, that's what should have been done in the first place.
cheers,
Chris
--
Simplistix - Content Management, Batch Processing & Python Consulting
- http://www.simplistix.co.uk