[Zope] Security Hole in ZPublisher.BaseRequest.BaseRequest.traverse?

Dieter Maurer dieter at handshake.de
Wed Feb 16 13:04:41 EST 2005


Chris Withers wrote at 2005-2-16 09:55 +0000:
> ... ZPublisher security checking only the traversed to object ...
> ...
>This feels like a pretty horrible 
>security hole to me :-(
>
>What do other people think?

I see it as a feature not a bug.

  It allows having subsites less strictly protected
  than the upper layers.

  This is essential, as Zope makes it quite difficult
  to remove rights when going deeper into the hierarchy
  while it is quite easy to add additional rights.

  That traversal itself is not security checked is not
  such a big problem because when the application tries
  to access the ancestors from untrusted code, then
  security checks are performed.

-- 
Dieter
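The two traversal policies this thread argues about, as an added illustration that is not part of the original message and not Zope code: a constructed toy tree of folders, each with its own set of roles allowed to "View" it, published either with a check on the traversed-to object only (the ZPublisher behaviour Chris objects to) or with a check at every step of the path. `guarded_parent()` models Dieter's point that untrusted code walking back up to an ancestor is checked at that moment. All names (`Node`, `traverse`, `can_publish`, the `Anonymous`/`Manager` roles on the sample site) are assumptions made for the example.

```python
"""Toy model of leaf-only versus full-path traversal checks.

Constructed illustration for the thread above, not Zope's actual
ZPublisher/AccessControl code. Names and the sample site are assumptions.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


class Unauthorized(Exception):
    """Raised when the caller's roles do not allow View on an object."""


@dataclass
class Node:
    name: str
    view_roles: Set[str]                      # roles allowed to View this object
    parent: Optional["Node"] = None
    children: Dict[str, "Node"] = field(default_factory=dict)

    def add(self, child: "Node") -> "Node":
        child.parent = self
        self.children[child.name] = child
        return child


def check_view(node: Node, roles: Set[str]) -> None:
    """The security check: at least one of the caller's roles must be allowed."""
    if not (node.view_roles & roles):
        raise Unauthorized(f"View on {node.name!r} denied for roles {sorted(roles)}")


def traverse(root: Node, path: str, roles: Set[str], check_every_step: bool = False) -> Node:
    """Walk `path` from `root`.

    check_every_step=False: only the final object is checked (leaf-only, as
    the thread describes ZPublisher).  check_every_step=True: every object on
    the path is checked, so a restrictive ancestor blocks the whole subtree.
    """
    node = root
    for segment in path.strip("/").split("/"):
        if segment == "":
            continue
        node = node.children[segment]          # KeyError models "not found"
        if check_every_step:
            check_view(node, roles)
    check_view(node, roles)                    # the traversed-to object is always checked
    return node


def guarded_parent(node: Node, roles: Set[str]) -> Optional[Node]:
    """Ancestor access from untrusted code: the check happens at access time."""
    parent = node.parent
    if parent is None:
        return None
    check_view(parent, roles)
    return parent


def build_site() -> Node:
    """Constructed sample site: a Manager-only folder containing a public subsite."""
    root = Node("root", {"Manager"})
    private = root.add(Node("private", {"Manager"}))
    subsite = private.add(Node("subsite", {"Manager", "Anonymous"}))
    subsite.add(Node("index_html", {"Manager", "Anonymous"}))
    return root


def can_publish(root: Node, path: str, roles: Set[str], check_every_step: bool = False) -> bool:
    """True if the publisher would hand `path` to a caller holding `roles`."""
    try:
        traverse(root, path, roles, check_every_step)
        return True
    except Unauthorized:
        return False


def can_reach_parent(root: Node, path: str, roles: Set[str]) -> bool:
    """Leaf-only publish, then an untrusted-code step up to the parent."""
    try:
        node = traverse(root, path, roles)
        guarded_parent(node, roles)
        return True
    except Unauthorized:
        return False


if __name__ == "__main__":
    site = build_site()
    page = "/private/subsite/index_html"
    print("leaf-only, Anonymous :", can_publish(site, page, {"Anonymous"}))
    print("full-path, Anonymous :", can_publish(site, page, {"Anonymous"}, check_every_step=True))
    print("Anonymous up to parent of subsite:", can_reach_parent(site, "/private/subsite", {"Anonymous"}))
```

With leaf-only checks the anonymous caller reaches `index_html` even though `private` above it is Manager-only, which is exactly the "subsite less strictly protected than its parent" feature Dieter describes; with a check at every step the same request is refused at `private`. The last call shows the other half of his argument: publishing `subsite` succeeds, but the moment untrusted code asks for its parent the check on `private` fires.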

