[Zope-dev] New-style ExtensionClass, ZODB 3.3, and Zope 2.8 status

Dieter Maurer dieter at handshake.de
Sat Nov 15 06:48:55 EST 2003


Dieter Maurer wrote at 2003-11-14 20:43 +0100:
 > Jim Fulton wrote at 2003-11-13 15:22 -0500:
 >  > ... new security policy for NSEC ...

 > Folklore says that Zope cannot protect attributes of simple types
 > (because they do not provide the method magic that will be lost
 > for NSEC).
 > ...
 > Of course, Zope cannot check a bare value of simple type, but
 > usually it has "container" and/or "parent" and then checking would
 > be easy by looking at related ("__roles__") attributes of the container/parent.
 > 
 > I will see this weekend whether I have been true.
 > If so, the same mechanism could (in principle) be used for
 > methods.

Patch attached.

-- 
Dieter

-------------- next part --------------
A non-text attachment was scrubbed...
Name: AttrSecurity.pat
Type: application/x-patch
Size: 1924 bytes
Desc: Patch providing "a__roles_" protection for attribute "a"
	of simple type
Url : http://lists.zope.org/pipermail/zope-dev/attachments/20031115/26c3be12/AttrSecurity.bin


More information about the Zope-Dev mailing list