[Zope-CMF] Security problem in CMF

Dieter Maurer dieter@handshake.de
Wed, 4 Jun 2003 20:30:06 +0200


Jeff Coleman wrote at 2003-6-3 14:41 -0500:
 > Should objects in a skin folder IGNORE the security setting of the skin
 > folder they are in?

I fear, yes...

 > Considering how Zope security works with acquisition I think this is a
 > BIG security problem.

All objects made available via the SkinsTool see the portal
as their container.
The acquisition structure representing the path from
the portal to the object is dropped and therefore unavailable
for security checks.

Changing this now would break lots of code...


Dieter
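
Added example, not part of the original message and not Zope or CMF code: a toy Python model of the lookup described above, where the roles for a permission are found by walking the container chain. The folder `restricted` and the objects `report` and `audit` are constructed names, and the model assumes that a setting placed on an object itself stays with it when it is re-wrapped.

```python
# Toy model of acquisition-style role lookup; not Zope or CMF code.
class Wrapped:
    """An object as seen in the context of one particular container."""
    def __init__(self, name, parent=None, settings=None):
        self.name = name
        self.parent = parent
        # permission -> roles set explicitly here; a missing key means "acquire"
        self.settings = settings if settings is not None else {}

    def in_context(self, new_parent):
        """Same object and own settings, seen under another container."""
        return Wrapped(self.name, new_parent, self.settings)


def roles_for(obj, permission):
    """Walk the container chain until some object sets the permission."""
    while obj is not None:
        if permission in obj.settings:
            return obj.settings[permission]
        obj = obj.parent
    return set()


def path_lookup(folder, name, contents):
    """Ordinary traversal: the object keeps its real container chain."""
    return contents[name].in_context(folder)


def skin_lookup(portal, name, contents):
    """Skin-style lookup: the object is handed out with the portal as container."""
    return contents[name].in_context(portal)


def build():
    """Constructed sample tree: portal / portal_skins / restricted / objects."""
    portal = Wrapped("portal", settings={"View": {"Anonymous", "Manager"}})
    skins = Wrapped("portal_skins", portal)
    restricted = Wrapped("restricted", skins, settings={"View": {"Manager"}})
    contents = {
        "report": Wrapped("report"),  # relies on the folder's setting only
        "audit": Wrapped("audit", settings={"View": {"Manager"}}),  # own setting
    }
    return portal, restricted, contents


if __name__ == "__main__":
    portal, restricted, contents = build()
    for name in ("report", "audit"):
        print(name, "via path:", sorted(roles_for(path_lookup(restricted, name, contents), "View")))
        print(name, "via skin:", sorted(roles_for(skin_lookup(portal, name, contents), "View")))
```

In the model, the folder's setting protects `report` only on the direct path, while `audit` resolves to the same roles on both paths because its setting is on the object.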