[Zope] IIS and Zope share same problem :-S

Chris Withers chrisw@nipltd.com
Mon, 06 Nov 2000 12:22:11 +0000


Pierre-Julien Grizel wrote:
> 
> Hum... A possible way to solve this problem is to practice the "you
> can't do ANYTHING but..." policy... And, thus, according proxy roles to
> the methods that must access it, such as index_html.
> I know it's constraining but with a little work we can end up with
> something quite secure & secret.

It's not secret, you can still use /objectIds and /objectValues to find
out about things...
Secure, yes it is that.
But, it's a lot more than a little work.

What I was suggesting was something to do the grunt work of all this
with the same outcome.

oh well...

Chris