[Zope-dev] Development note
Michel Pelletier
michel@digicool.com
Wed, 10 May 2000 12:12:45 -0700
Zope 2.2 has a new security API. Amid all the trojan news, I wanted to
remind developers of Zope products that this new API should be used in
many cases where users traditionally queried AUTHENTICATED_USER for
something.
If, in your code, you get information from the AUTHENTICATED_USER object
then you should take a good look at the new API. Unless developers
switch to this API, their products are potentially less secure than code
that does use this API.
All the details are in the Wiki...
http://www.zope.org/Members/michel/Projects/Interfaces/SecurityPolicies
--
-Michel Pelletier
http://www.zope.org/Members/michel/MyWiki
Visit WikiCentral for the latest Zen:
http://www.zope.org/Members/WikiCentral