[Zope] UserFolder and errors after owner of an object is deleted

george donnelly george@zettai.net
Mon, 05 Aug 2002 09:46:43 -0500


This is a consequence of the changes enacted to prevent server-side trojan
attacks, I believe. So, its a feature and not a bug ;p

from:
http://www.zope.org//Members/jim/ZopeSecurity/ServerSideTrojan

What happens if the owner goes away?

What if someone deletes the owner from the user database, or deletes the
user database? If the owner can't be found, then we'll use the special user
nobody, which is extremely unprivileged.

regards,
george donnelly
http://zettai.net/
zettai: zope hosting and dynamic websites

> From: Heimo Laukkanen <huima@fountainpark.org>
> 
> I just noticed a funny behaviour, if I have a user in userfolder that
> has created a set of page templates and later I destroy that user - all
> his / her templates stop working and begin to complain, for example,
> 'you don't have rigths to access title in this context'.
> 
> Of course errors disappear when objects are either owned by new user or
> user, named like old user, is created.
> 
> Is there any good reason for something like this happening? A bug in
> security mechanism?