Re: [Zope-dev] Ids starting with _
"R. David Murray" wrote: > > 1) Why does SimpleItem still have this?! Since so much, IIRC, is derived > > from SimpleItem.Item, surely this goes very much against the grain of > > 'everything should be protected unless I say otherwise'? > > If you read the docs about the 2.2 security changes, you'll find the > explication. Summary: this is a transitional step. IIRC, Brian checked in the change, found that it broke stuff and then reluctantly added this in. I suppose it's godo to bear in mind :-) > > 2) Why does having __allow_access_to_unprotected_subobjects__=1 mean > > that the 'start with _ = hidden/no DTML, no web Access' ruel applies? > > I don't think that's what he meant. I think he meant that keeping > that _ behavior was necessary because most objects still use the > older 'wide open' security model. But I could be wrong. Hmm, I'm gonna try and phrase a proposal on dev.zope.org that might cover this :S cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Ids starting with _
On Mon, 31 Jul 2000, Chris Withers wrote:
> Toby Dickenson wrote:
> > Almost all zope-manageable classes (and certainly Folders, that Dieter
> > mentioned) use the old rule. This happens because they derive from
> > SimpleItem.Item, which has __allow_access_to_unprotected_subobjects__=1
>
> 1) Why does SimpleItem still have this?! Since so much, IIRC, is derived
> from SimpleItem.Item, surely this goes very much against the grain of
> 'everything should be protected unless I say otherwise'?

If you read the docs about the 2.2 security changes, you'll find the
explication. Summary: this is a transitional step.

> 2) Why does having __allow_access_to_unprotected_subobjects__=1 mean
> that the 'start with _ = hidden/no DTML, no web Access' rule applies?

I don't think that's what he meant. I think he meant that keeping
that _ behavior was necessary because most objects still use the
older 'wide open' security model. But I could be wrong.

--RDM

Re: [Zope-dev] Ids starting with _
Toby Dickenson wrote:
> Almost all zope-manageable classes (and certainly Folders, that Dieter
> mentioned) use the old rule. This happens because they derive from
> SimpleItem.Item, which has __allow_access_to_unprotected_subobjects__=1

1) Why does SimpleItem still have this?! Since so much, IIRC, is derived
from SimpleItem.Item, surely this goes very much against the grain of
'everything should be protected unless I say otherwise'?

2) Why does having __allow_access_to_unprotected_subobjects__=1 mean
that the 'start with _ = hidden/no DTML, no web Access' rule applies?

cheers,

Chris

Re: [Zope-dev] Ids starting with _
On Sun, 30 Jul 2000 10:38:44 +0100, Chris Withers <[EMAIL PROTECTED]> wrote:

>Dieter Maurer wrote:
>> > I wonder why starting folders with _ is so bad in Zope?
>
>> In the time, when everything was allowed what was not explicitly
>> forbidden, an easy way was necessary to forbid access. Jim
>> (and, therefore, Zope) used:
>>
>> anything starting with "_" is private: no DTML access, no Web access.
>>
>> Now, with the change to a security policy "Everything is
>> forbidden when not explicitly allowed", the need for
>> such a rule based on naming dwindles. Maybe, it will disappear
>> sometime in the future.

That rule applies at a lower level. It removes the need to have
special-case handling for the many low-level objects that should never
be web-accessible.

Almost all zope-manageable classes (and certainly Folders, that Dieter
mentioned) use the old rule. This happens because they derive from
SimpleItem.Item, which has __allow_access_to_unprotected_subobjects__.

Toby Dickenson
[EMAIL PROTECTED]

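
The interaction discussed in this thread, as an added example that is not part of any post and is not Zope's own code: a simplified model showing why the "_" naming rule still matters while classes carry the `__allow_access_to_unprotected_subobjects__` flag. The function `validate()`, the `declared` allow-list and both sample classes are hypothetical; only the flag name comes from the thread.

```python
# Simplified model of the access rules discussed in this thread.
# Not Zope's code: validate(), `declared` and both sample classes are hypothetical.

class LegacyItem:
    """Stands in for a class deriving from SimpleItem.Item (old 'wide open' model)."""
    __allow_access_to_unprotected_subobjects__ = 1
    title = "no declaration at all"
    notes = "no declaration either"
    _secret = "internal state"

class StrictItem:
    """A class that relies only on explicit declarations."""
    declared = frozenset({"title"})   # hypothetical explicit allow-list
    title = "declared"
    notes = "undeclared"
    _secret = "internal state"

def validate(container, name, underscore_rule=True):
    """Return True if `name` is reachable from DTML or the web in this model."""
    # Naming rule: checked first, independent of any declaration.
    if underscore_rule and name.startswith("_"):
        return False
    # Explicitly declared names are allowed.
    if name in getattr(container, "declared", ()):
        return True
    # Undeclared names fall back to the container's transitional flag.
    return bool(getattr(container, "__allow_access_to_unprotected_subobjects__", 0))

def access_table(underscore_rule):
    """Map (class name, attribute) -> allowed, for every sample attribute."""
    return {
        (cls.__name__, name): validate(cls, name, underscore_rule)
        for cls in (LegacyItem, StrictItem)
        for name in ("title", "notes", "_secret")
    }

if __name__ == "__main__":
    for rule in (True, False):
        print("underscore rule on" if rule else "underscore rule off")
        for key, allowed in access_table(rule).items():
            print("  %s.%s -> %s" % (key[0], key[1], "allow" if allowed else "deny"))
```

With the naming rule switched off, `_secret` on the legacy class becomes reachable, while the class that relies on explicit declarations still denies it.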
[Zope-dev] Ids starting with _
Dieter Maurer wrote:
> > I wonder why starting folders with _ is so bad in Zope?
> In the time, when everything was allowed what was not explicitly
> forbidden, an easy way was necessary to forbid access. Jim
> (and, therefore, Zope) used:
>
> anything starting with "_" is private: no DTML access, no Web access.
>
> Now, with the change to a security policy "Everything is
> forbidden when not explicitly allowed", the need for
> such a rule based on naming dwindles. Maybe, it will disappear
> sometime in the future.

Maybe this is something for dev.zope.org?

cheers,

Chris