[Zope3-Users] Re: Vocabularies beyond SimpleVocabulary
Piotr Chamera
piotr_chamera at poczta.onet.pl
Tue Jun 13 05:30:20 EDT 2006
> Philipp von Weitershausen wrote:
>> Piotr Chamera wrote:
>>I have removed proxies because I stored selected objects in attribute of
>>another object with forms generated from schema. But I probably can
>>remove proxy in set method of that attribute (property) or ... what else
>>can I store as reference to object in attribute of another object to be
>>secure?
>
> Security proxies can't be stored. They're created upon access. Unless
> you *really* know what you're doing, removeAllProxies or
> removeSecurityProxies should not occur in your application code. If it
> does, it's likely to cause security holes.
I have two objects "author" and "work" in many to many relationship.
I want to store works related to given author in author's attribute and
authors in atribute of work.
.setAuthors [2] <---- form <---- authors vocabulary <---- [1]
work author
[1] ----> works vocabulary ----> form ----> .setWorks [2]
As You pointed, removing proxy in point [1] is insecure.
If I pass proxy to vocabulary (can I?) and remove proxy in point [2] is
it insecure too?
How can I achieve this design in secure way?
Piotr Chamera
More information about the Zope3-users
mailing list