[Zope-dev] ZCatalog madness. (Must log in as emergencyuser.)
Chris McDonough
chrism@digicool.com
Thu, 22 Feb 2001 13:21:15 -0500
You can get the object, but you can't do anything with it.
----- Original Message -----
From: "Steve Alexander" <steve@cat-box.net>
To: "Chris McDonough" <chrism@digicool.com>
Cc: "Erik Enge" <erik@esol.no>; <zope-dev@zope.org>; <jens@digicool.com>
Sent: Thursday, February 22, 2001 12:38 PM
Subject: Re: [Zope-dev] ZCatalog madness. (Must log in as emergencyuser.)
> Chris McDonough wrote:
>
> > I'm not sure why this isn't in 2.3.1b1, but yes, the code in getobject
was
> > changed to use unrestrictedTraverse for this very reason.
>
> Does that open up a security hole?
>
> Can I get to an object via the getobject method of ZCatalog that I can't
get to otherwise?
>
> I thought that was the reason it was changed to restrictedTraverse in the
first place.
>
>
> --
> Steve Alexander
> Software Engineer
> Cat-Box limited
> http://www.cat-box.net
>
>
> _______________________________________________
> Zope-Dev maillist - Zope-Dev@zope.org
> http://lists.zope.org/mailman/listinfo/zope-dev
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://lists.zope.org/mailman/listinfo/zope-announce
> http://lists.zope.org/mailman/listinfo/zope )
>