[Zope] Bug in object security?
Toby Dickenson
tdickenson@geminidataloggers.com
Wed, 23 Feb 2000 09:55:16 +0000
On Tue, 22 Feb 2000 16:36:23 -0600, Tres Seaver
<tseaver@palladion.com> wrote:
>"James W. Howe" <jwh@allencreek.com> wrote:
>>
>> I've encountered a strange behavior with the Zope security mechanism which
>> strikes me as a bug.
Yes, I thought this was a bug the first time I saw it too.
>> When
>> the manage_main dtml is rendered, why doesn't Zope prompt for
>> authentication when manage_main attempts to access objectItems, for example?
The security that you are expecting applies to 'DTML Method' and 'DTML
Document' objects. However it does not apply to dtml files used by
python products, and stored in the file system.
The mechanism is often referred to as 'dtml security'. But that's a
particularly poor name - it doesn't apply to _all_ dtml.
Toby Dickenson
tdickenson@geminidataloggers.com