[Zope-dev] Removing URL-based suppression of SiteAccess controls

Tres Seaver tseaver at palladion.com
Tue May 18 21:24:28 EDT 2010



In lp:142868 [1], Jamie Heilmann makes what seems to me to be a good
case for removing the current feature which allows suppression of Zope2
access rules and site roots via adding tokens to the URL.  I find the
argument convincing, in spite of having used the feature to get past a
broken site access rule at more than one time in the past.  In essence,
the feature is a convenience for those who *could* get to the
filesystem and restart the server with the equivalent environment
variables, but a "jailbreak" for those who could not.

Can anyone present a credible defense of the feature?  If so, please
follow up to the Launchpad issue.

I plan to remove the URL-based suppression (but not the part based on
os.environ) by the end of the week, unless folks point out issues I have
missed.


[1] https://bugs.launchpad.net/bugs/142878


Tres.
--
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com


