[Zope] Why I must set security-property "Access contents information" to get Data from Database?

Dieter Maurer dieter at handshake.de
Wed Feb 9 17:07:29 EST 2005


Patrick Ulmer wrote at 2005-2-8 10:45 +0100:
>I have protect my folder by using acl_users. But now I must allow access 
>by anonymous to one DTML-Document. This document uses <dtml-in> to get 
>data from my MySQL-Database. To allow acces I have to set the following 
>security properties:
>
>1. DTML-Document: View
>2. Z-SQL-Method: Use Database Methods
>3. Parent Folder: Access contents information
>
>Is that right? 1 is for viewing HTML. 2 and 3 for access Database. I'm 
>not realy sure, why I must set 3? Can somebody explain it?

It allows you to access the parent folder.
Without it, you get an "Unauthorized" when you handle
the parent folder in any way in an untrusted context.

-- 
Dieter


More information about the Zope mailing list