[Zope-dev] Suggestion for small(?) change in BaseRequest.py. Security effects?

Lennart Regebro regebro at nuxeo.com
Fri Sep 3 06:05:38 EDT 2004

Dieter Maurer wrote:
> Lennart Regebro wrote at 2004-9-2 12:38 +0200:
>>Are there any other problems with NOT raising an exception in 
>>unathorized(). Becuase if there is, we probably limit the possible 
>>challenge responses to a redirect, and then this change makes no difference.
> If the traversal made any changes to persistent state, then
> these changes are committed rather than aborted.
> Usually, traversal should not change the persistent state -- but...

Would the transaction.abort() addition suggested by Tino be enough to 
solve that?

More information about the Zope-Dev mailing list