[Zope-dev] AccessControl bug fixed

Hanno Schlichting hanno at hannosch.eu
Thu Aug 23 15:30:41 UTC 2012


On Thu, Aug 23, 2012 at 5:23 PM,  <lists at nidelven-it.no> wrote:
> does this have any security implications?

In short: No.

Long answer: Not unless you have very custom code similar to what's in
the provided test (providing a custom rolesForPermissionOn callable on
a class). And that code would have never worked as intended or at
least it would have already been broken in Zope 2.12.

Hanno


More information about the Zope-Dev mailing list