[Zope] Help (emergency) How to Undo last ZODB transaction when Zope

Bill Anderson bill@immosys.com
02 Aug 2001 10:25:36 -0600


On 02 Aug 2001 11:41:06 +0300, Shai Berger wrote:
> 
> Chris wrote,
> > 
> > Try:
> > 
> > http://yoursite/_SUPPRESS_ACCESSRULE/manage
> > 
> And I was shocked and dismayed to find out that this actually works.
> It seems like a huge potential security breach for the unwary, since
> it is available for any attacker. Granted, access rules are not really
> intended for security, but it is very easy to assume that they always work,
> and make decisions with security implications based on that assumption.
> 
> I read digests, so I only saw Gerd's request for help now; I would expect
> the right answer to be what the AccessRule product says:
> """
> If an Access Rule is broken, and is preventing normal access, it can be disabled
> by restarting Zope with environment variable SUPPRESS_ACCESSRULE set.
> """
> Because this is only available to people who can manage Zope anyway.
> 

Well, for those running a zserver with, say, dozens of virtual hosts, it
would really suck to have to restart everybody's sites, just for one
site's mistake.

Bill
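
Added example, not part of the original thread: since the `_SUPPRESS_ACCESSRULE` path segment discussed above works for any client, a site relying on an Access Rule can at least watch its access log for it. The sketch assumes Common Log Format lines and that a percent-encoded segment is decoded before traversal; the log lines are constructed samples.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

MARKER = "_SUPPRESS_ACCESSRULE"  # path segment quoted in the thread

# Assumed format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def has_suppress_segment(target):
    """True if any path segment, after percent-decoding, equals MARKER.

    Only the path is inspected, so the string appearing in a query
    parameter (e.g. a site search) is not flagged.
    """
    path = urlsplit(target).path
    return any(unquote(seg) == MARKER for seg in path.split("/"))

def scan(lines):
    """Map client host -> [(time, target, status), ...] for flagged requests."""
    hits = defaultdict(list)
    for line in lines:
        m = CLF.match(line)
        if m and has_suppress_segment(m.group("target")):
            hits[m.group("host")].append(
                (m.group("time"), m.group("target"), int(m.group("status"))))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [02/Aug/2001:10:01:00 -0600] "GET /index_html HTTP/1.0" 200 5120',
    '192.0.2.44 - - [02/Aug/2001:10:02:13 -0600] "GET /_SUPPRESS_ACCESSRULE/manage HTTP/1.0" 401 312',
    '192.0.2.44 - admin [02/Aug/2001:10:02:20 -0600] "GET /_SUPPRESS_ACCESSRULE/manage HTTP/1.0" 200 8841',
    '198.51.100.7 - - [02/Aug/2001:10:05:41 -0600] "GET /docs/%5FSUPPRESS_ACCESSRULE/x HTTP/1.0" 404 210',
    '198.51.100.9 - - [02/Aug/2001:10:06:02 -0600] "GET /search?q=_SUPPRESS_ACCESSRULE HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for host, reqs in scan(SAMPLE).items():
        for when, target, status in reqs:
            print(host, when, target, status)
```

A flagged request with a 2xx status is the case to look at first, since it means the response was served with the rule skipped.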