[Zope] A small note on security assertions
Chris McDonough
chrism@zope.com
Mon, 14 Jan 2002 11:24:29 -0500
Hi Vio,
It might help if you were to add a comment to this effect to the Zope=20
Developer's Guide on Zope.org. See Documentation -> Zope Developer's=20
Guide -> Chapter 6 (Security).
Thanks!
vio wrote:
> If you are like me and don't like to start coding from scratch, but rat=
her like
> to start modifying an existing and proven source skeleton, like the Bor=
ing
> product for example, one small piece of advice: watch out for conflicti=
ng
> declarations.
>=20
> It took me over one month (give or take) to find out why all my securit=
y
> assertions (such as 'security.declareObjectPublic()' and such) were tot=
ally
> ineffective: because I left '__ac_permissions__' skeleton code hanging=
. Once
> that was commented out, all worked finally as advertized. Still, a mont=
h of
> wasted search, running like a headless chicken through sources and docs=
. Painful
> and frustrating. I hope this little note might save someone similar fru=
stration.
> Because Zope is really, really great.
>=20
> Cheers, Vio
>=20
> fS(^^(TM)=A8=A5-+-fS(^=CES(^=A2=B8!=B6=DA?=FEX=AC=B6=CC=E8=A5=EA+f=F9s(=
S(Ys(Y"=F9b=B2=D8=A7~?=F3=A2--?=A1=CA=E8=B2=CAh=B2=DB(=ACt=CC-=E9=DC=A1=D8=
=A7?=17=A5j=D7?-+-=B2=1Bm=A7=FF=E5S(=CBl=CES(^=A2=B8?^(TM)=A8=A5^(TM)=A9=FF=
-+-S(w=E8=FF:)y=A9=E7=A2=E9=DCz=1Bm=A7=FF=E5S(=CBl=CES(^=A2=B8?^(TM)=A8=A5=
^(TM)=A9=FF-+-S(w=E8=FF:)y=D7=AF
>=20