On behalf of the Plone security team I am announcing this security issue in
Zope also here:
CVE Identifier: CVE-2020-7939
Type: SQL injection
Severity: 4.9 – MEDIUM
Affected Zope versions:
* Zope 2 older than 2.13.30 (2.13.30 is not yet released)
* Zope 4 older than 4.2
For details see
https:
The Zope security response team is pre-announcing a fix for a
vulnerability in Zope 2.12.x and Zope 2.13.x that allows execution of
arbitrary code by anonymous users.
This is a severe vulnerability that allows an unauthenticated attacker
to employ a
Last week, the Zope and Plone security teams announced the discovery
of a serious security issue affecting all recent versions of Zope and
Plone, as well as the planned release of a Hotfix to address this
issue to be made today, June 28th at 1500 UTC.
The Plone and Zope security teams are
This is an update on today's security hotfix release.
The fix will be released at 15:00 UTC today, Tuesday 28th June, 2011
(11:00am US EDT.) Updated versions of Zope 2 containing the security
fix will be released at the same time.
For details on which versions of Zope and Plone are affected, plea
On behalf of the Plone and Zope Security Teams I'd like to draw your
attention to a security announcement that has just been published.
This is a pre-announcement only, it does not contain any vulnerability
details. Your sites are as safe today as they were yesterday. However,
as the problem
Thibaud Morel l'Horset wrote at 2008-9-15 19:44 -0400:
> I'm trying to figure out how to prevent certain zope objects from being
>called directly but allow them to be called from another object.
>
> Here is an example:
> You have a ZPT page, let's originally call it 'test'
> test calls a Script
On Tue, Sep 16, 2008 at 08:55:33AM -0400, Thibaud Morel l'Horset wrote:
> Thanks for the response Paul. I don't see a Proxy tab on Page Templates
> though, only DTML methods: do I need to install an additional product for
> that? or is it configured somewhere else for Templates?
Oops, right you ar
ant 'test' to call 'script' and render the contents
> of
> > 'script' to anonymous users through 'test'. I tested this out by making
> the
> > 'script' View permission only available for Authenticated users, and as
> > anonym
' and render the contents of
> 'script' to anonymous users through 'test'. I tested this out by making the
> 'script' View permission only available for Authenticated users, and as
> anonymous I can neither hit 'test' nor 'script'.
>
.. It might be an instance of some object
that has a __str__ that makes it look like a dictionary?
J.F.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
tomvon
Sent: June 18, 2007 11:36
To: zope@zope.org
Subject: Re: [Zope] security assertion needed for dicti
I have the exact same problem and have been unable to find a solution
anywhere. Were you ever able to resolve this?
sfmcfar wrote:
>
> I apologize for cross-posting from the plone newsgroup. but after posting
> this I realized that this was more of a Zope issue than a Plone one. I
> wish I c
Einar Næss Jensen wrote at 2007-6-4 19:53 +0200:
> ...
>How can I copy the associated securityinformation about a zclass
>instance into my new diskbased instance? Roles and permissions.
In a product, permissions are automatically created by
using them (to protect a method).
What roles do you have
I'm on the run for transferring my poorly designed zclasses into real
diskbased ones. I've gotten pretty far in only a couple of weeks
thanks to this mailinglist and the irc channel on freenet. Thanks
everyone!
Today I have this question:
How can I copy the associated securityinformation about a z
]
> V.P. Engineering 540.361.1716
> Zope Corporation http://www.zope.com
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> > Peter Bengtsson
> > Sent: Thursday, January 26, 2006 9:44 AM
> > To: [Zope
n
> Sent: Thursday, January 26, 2006 9:44 AM
> To: [Zope]
> Subject: [Zope] Security class attribute
>
>
> Now in Zope 2.9 I get these warnings::
>
> 2006-01-26 14:31:45 WARNING Init Class
> Products.MyProduct.Homesite.FilesContainer has a security declaration
> for no
Now in Zope 2.9 I get these warnings::
2006-01-26 14:31:45 WARNING Init Class
Products.MyProduct.Homesite.FilesContainer has a security declaration
for nonexistent method 'FileManagement'
That's understandable because I've coded it like this::
class MyProduct(...):
security=ClassSecurityI
On 1/24/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> My site, including the bug, is currently public and to be demoed in two
> days. Any assistance or guidance is greatly appreciated.
Switch on VerboseSecurity in etc/zope.conf; this will give you much
more info on what the security engine st
I have patched the Navigation and Management so the drop-down containing
'Set Preferences' and 'Logout' is displayed in the menu frame. The 'Set
Preferences' displays a customized page to the user to set a unique set
of options for my application. My product consists of several additional
roles and
I wrote:
> I would rate Zope overall as a reasonably secure platform. Because the
> bulk of it, including all the socket handling code, is written in
> If you look
> at the list of security alerts ("hotfixes", see
>
> you will note that the *vast*
michael nt milne wrote:
> Hi
>
> Just a quick query about Zope security etc. I've got an installation on a
> Windows server using Apache, which also hosts internal email/data etc. This
> is behind a router/firewall. Just wonder
Hi
Just a quick query about Zope security etc. I've got an
installation on a Windows server using Apache, which also hosts
internal email/data etc. This is behind a router/firewall. Just
wondering if there are any Zope security issues that I should be aware
of? How secure is Zope?
Thanks
Mich
Cameron Beattie wrote:
def main():
urllib._urlopener = MyUrlOpener()
url = "%s/Control_Panel/Database/manage_pack?days:float=%s" % \
*sigh* url whacking, bleugh!
If I use the backup user then urllib can't get the url due to no
authentication so errors as follows:
What roles do
I have created a script based on zope_pack from the Zope book which
allows a username and password to be specified when it is called. I wish
to create a user specifically for this purpose that only has the ability
to pack the ZODB.
What permission is ZODB packing protected by?
I don't know.
Cameron Beattie wrote:
I have created a script based on zope_pack from the Zope book which
allows a username and password to be specified when it is called. I wish
to create a user specifically for this purpose that only has the ability
to pack the ZODB.
What permission is ZODB packing protec
I have created a script based on zope_pack from the Zope book which allows a
username and password to be specified when it is called. I wish to create a
user specifically for this purpose that only has the ability to pack the
ZODB.
I've created a custom role and a user that has this role. Then
Right, checked an old (wrong) file in my product. Sorry for the mistake.
Yes, it works. Problems solved. Thank you Andreas and Jens.
--
Milos Prudek
http://www.spoxdesign.com - your web usability testing
___
Zope maillist - Zope@zope.org
http://mail
On 11.Jul 2005 - 17:49:16, Jens Vagelpohl wrote:
>
> On 11 Jul 2005, at 17:41, Andreas Pakulat wrote:
> >add a security.declareProtected('comment_add_form', ' >granted to Authenticated users only>')
> >Where the second string would be one of the rights listed on the
> >security tab with in the ZMI
On 11 Jul 2005, at 17:41, Andreas Pakulat wrote:
add a security.declareProtected('comment_add_form', '')
Where the second string would be one of the rights listed on the
security tab with in the ZMI. If that right is granted to the
authenticated user only, you have your access restrictions.
I
On 11.Jul 2005 - 18:27:57, Milos Prudek wrote:
>
>
> How can I manage permissions for imported ZPT files?
>
> Relevant lines from my Product:
>
> from AccessControl import ClassSecurityInfo
> class MyClass():
>     security=ClassSecurityInfo()
>     comment_add_form=PageTemplateFile('zpt/commen
How can I manage permissions for imported ZPT files?
Relevant lines from my Product:
from AccessControl import ClassSecurityInfo
class MyClass():
    security=ClassSecurityInfo()
    comment_add_form=PageTemplateFile('zpt/comment_add_form',globals())
My goal is to limit access to comment_add_fo
Anders Bruun Olsen wrote at 2005-5-6 18:19 +0200:
> ...
> security = ClassSecurityInfo()
> security.setDefaultAccess("deny")
> security.declareProtected("View Bookbase", "index_html")
> ...
>When the template tries to access container/title an access denied
>exception is raised. With VerboseSecu
--On Freitag, 6. Mai 2005 18:19 Uhr +0200 Anders Bruun Olsen
<[EMAIL PROTECTED]> wrote:
It works if I do setDefaultAccess("allow"), but I don't want to allow
access by default and then just deny for those I know I want to deny
access to. I want it the other way around.
Why don't you write an acc
Hi,
I am attempting to make a zope product (a custom book-database for use
by my employer) and of course want to secure it. I have added this code
to my class:
security = ClassSecurityInfo()
security.setDefaultAccess("deny")
security.declareProtected("View Bookbase", "index_html")
securit
thanks for your help!
but is there any way to define
this permission to the folder that contain the
many pages templates that i want to restrict the use?
affecting the parent(folder) we affect also the children(document)
instead of defining for all template pages this rules.
thanks a lot..
Citan
--On Sonntag, 1. Mai 2005 13:02 Uhr +0100 cla <[EMAIL PROTECTED]> wrote:
Hi!
I'm developing a portal using Zope and I have had some
problems with the security of some template pages that
I have created. Those pages are accessible just by putting
the correct path in the URL, even if they are only for
ma
Hi!
I'm developing a portal using Zope and I have had some
problems with the security of some template pages that
I have created. Those pages are accessible just by putting
the correct path in the URL, even if they are only for
manager access. I have already tried the security tabs that
are associated to
Tim Hicks said:
> Andreas Jung said:
>
>>> Module RestrictedPython.Guards, line 96, in handler
>>> TypeError: object does not support item or slice assignment
>>>
>>> Does anyone have any idea what the problem is?
>
> Digging further...
>
> I made the TypeError a little more revealing on line
Andreas Jung said:
>> Module RestrictedPython.Guards, line 96, in handler
>> TypeError: object does not support item or slice assignment
>>
>> Does anyone have any idea what the problem is?
Digging further...
I made the TypeError a little more revealing on line 96 of
RestrictedPython/Guard
Andreas Jung said:
>> Module RestrictedPython.Guards, line 96, in handler
>> TypeError: object does not support item or slice assignment
>>
>> Does anyone have any idea what the problem is?
>
> Move your code into an external method which is less painful than dealing
> with module security i
--On Dienstag, 12. April 2005 16:18 Uhr +0100 Tim Hicks
<[EMAIL PROTECTED]> wrote:
Hi,
I'm trying to import and use the email.Message.Message class in a zope
'Script (Python)'.
I have the following security assertions in my product code::
from AccessControl import allow_module, allow_class
f
Hi,
I'm trying to import and use the email.Message.Message class in a zope
'Script (Python)'.
I have the following security assertions in my product code::
from AccessControl import allow_module, allow_class
from AccessControl import ModuleSecurityInfo
ModuleSecurityInfo('email.Message').
Overview
Zope Corporation has released a Zope hotfix product addressing a
potential vulnerability discovered during a recent security audit
of Zope 2.7 and 2.8.
Affected Versions
The hotfix affects versions 2.7.5 and earlier of Zope on the 2
J B Bell wrote:
>
> I want to do authentication for a whole subset of the site (indeed, its
> entire public face really), but don't want a huge userfolder build from NIS.
> nisUserFolder doesn't seem like the right solution since I only want to use
> nis if they don't auth in the customary fashio
I'd like to make a 'fallback' authorization scheme for Zope. That is:
If user does not exist in usual UserFolder, then
authenticate against custom module (NIS, in this case)
and give them Anonymous privileges.
I want to do authentication for a whole subset of the site (indeed, its
entire public
I have made a Python product and when I add it to a folder there is no
problem, but when I try to add it to a zClass that subclasses a
objectManager i get a security error. Is there anything special I need to do
to add products to an objectManager ???
I get a password box, but if I just clicks ca
Hi all -
Peter Kelly has brought another potential security issue to
our attention that is important enough to make a Hotfix
available for those who allow untrusted users to edit DTML
on their sites.
The issue involves incorrect protection of a data updating method
on Image and F
On Mon, Dec 18, 2000 at 10:30:56AM -0500, Brian Lloyd wrote:
> > > The hotfix will work for all versions of Zope 2.2.0 and higher. A
> > > future version of Zope will contain the fix for this
> > > issue, and you will be able to uninstall the hot fix after upgrading.
> >
> > This seems to im
> > The hotfix will work for all versions of Zope 2.2.0 and higher. A
> > future version of Zope will contain the fix for this
> > issue, and you will be able to uninstall the hot fix after upgrading.
>
> This seems to imply that 2.1.6 is vulnerable as well, but that this Hotfix
> won't work
On Fri, Dec 15, 2000 at 02:02:08PM -0500, Brian Lloyd wrote:
> A security issue has recently come to our attention (thanks to
> Erik Enge for identifying this) that affects Zope versions up to
> and including Zope 2.2.4.
...
> The hotfix will work for all versions of Zope 2.2.0 and highe
Hi all -
A security issue has recently come to our attention (thanks to
Erik Enge for identifying this) that affects Zope versions up to
and including Zope 2.2.4.
The issue involves the computation of local roles. In some situations
the computation was not climbing the correct hierarc
On Fri, Dec 08, 2000 at 05:40:13PM -0500, Shane Hathaway wrote:
> AFAICT 2.1.6 is not vulnerable.
Verifying this on our server, this turns out to be quite correct; Zope
2.1.6 does not demonstrate the problem repaired by the hotfix.
--amk
___
Zope mail
Hi all,
Aleksander Salwa has brought a security issue to our attention
that affects all Zope versions up to and including Zope 2.2.4.
We have released a Hotfix product to address the issue that can
be downloaded from zope.org. (Thanks to Aleksander for finding
this and to Shane Hathaway
On Fri, 8 Dec 2000, Shane Hathaway wrote:
> You're right. It's because of a "legacy" issue. Here's a quick patch
> that plugs the hole:
>
[...]
>
> This is not perfect, however. I'm working on a better solution.
Thanks a lot !
It works for me.
[EMAIL PROTECTED]
/--
Aleksander Salwa wrote:
> Few days ago I found that on site that I'm currently working on,
> everybody can add DTMLMethods and Documents (and maybe do more, I haven't
> checked yet, but I think it's bad enough !) by simply entering URL
> http://www.mysite.com/manage_addDTMLMethod?id=q1&title=qq1&f
Few days ago I found that on site that I'm currently working on,
everybody can add DTMLMethods and Documents (and maybe do more, I haven't
checked yet, but I think it's bad enough !) by simply entering URL
http://www.mysite.com/manage_addDTMLMethod?id=q1&title=qq1&file=qqq1
After that Zope sends
Might be a security problem...
Are you allowed to access that header from inside your index_html?
cheers,
Chris
Andreas Jung wrote:
>
> Inside a product my index_html is set to
>
>"index_html=HTMLFile('index_html',globals())"
>
> The index_html.dtml calls . This DTML method is
> availab
seb bacon writes:
> * Dieter Maurer <[EMAIL PROTECTED]> [001128 00:12]:
> > Bowyer, Alex writes:
> > > All I need to do is to make certain ZClass methods have a certain level of
> > > security and the other methods of the class have no security.
>
> > It is quite good explain in the upcom
In article <[EMAIL PROTECTED]>, seb bacon
<[EMAIL PROTECTED]> writes
>* Dieter Maurer <[EMAIL PROTECTED]> [001128 00:12]:
>> Bowyer, Alex writes:
>> > Can some one explain how the Define Permissions screen works. I really
>don't
>> > understand the concept behind it, what does it mean for a per
* Dieter Maurer <[EMAIL PROTECTED]> [001128 00:12]:
> Bowyer, Alex writes:
> > Can some one explain how the Define Permissions screen works. I really don't
> > understand the concept behind it, what does it mean for a permission setting
> > to own a permission?
> >
> > All I need to do is to
Bowyer, Alex writes:
> Can some one explain how the Define Permissions screen works. I really don't
> understand the concept behind it, what does it mean for a permission setting
> to own a permission?
>
> All I need to do is to make certain ZClass methods have a certain level of
> security
Can some one explain how the Define Permissions screen works. I really don't
understand the concept behind it, what does it mean for a permission setting
to own a permission?
All I need to do is to make certain ZClass methods have a certain level of
security and the other methods of the class hav
Bowyer, Alex writes:
>
> I can't find any examples in any of the Zope documentation
> about how to manage permissions for class methods. Does anyone know where I
> could find such documentation or examples if there are any?
Did you look at the upcoming Zope book?
Dieter
___
I know I am posting quite a lot of questions to the list lately, sorry about
that, it's just that I can save myself hours of trial-and-error coding when
I get quick answers from list, so I hope you don't mind. It seems to be the
fastest way to learn.
I have a news page ZClass and a news article Z
On Fri, 17 Nov 2000, Bowyer, Alex wrote:
> I have one method index_html which should be viewable by anonymous.
> All other methods should only be viewable when a username/password is
> entered for someone with the role I have called UAAdmin
[...]
> I can only seem to get full access to all pages (
I am having some problems with getting the right security settings for my
ZClass.
I have one method index_html which should be viewable by anonymous.
All other methods should only be viewable when a username/password is
entered for someone with the role I have called UAAdmin
One thing that is caus
hi,
do you have these two:
http://www.zope.org/Members/michel/ZB/
http://zdp.zope.org/projects/zqr
j.
..
. Jason C. Leach
... University College of the Cariboo.
..
___
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.o
> [Charlie Wilkinson]
>
> | Greetings,
>
> Hola!
>
> | Now, referring to figure 1 (above :-), changes to security settings
> | for the acl_test folder are having no effect on access to index_html.
> | Only when I change the security settings on index_html itself, can I
> | control access to it.
On Thu, Nov 09, 2000 at 12:03:27PM -0500, Jeff Hoffman waxed eloquent:
> On Thu, 9 Nov 2000, Charlie Wilkinson wrote:
[snip...]
> > So what this boils down to is that as of v2.2.whatever, an acl_users
> > folder apparently does not protect the folder it's in (parent folder),
> > but only it's sibl
please bear with my ignorance, because this is the first couple of day
I ever try Zope. It is super cool, but I should say that the
documentation is far from satisfaction.
Here is my problem:
The only API I can find to alter the properties of some object is
"manage_changeProperties". However, in o
[Charlie Wilkinson]
| Greetings,
Hola!
| Now, referring to figure 1 (above :-), changes to security settings
| for the acl_test folder are having no effect on access to index_html.
| Only when I change the security settings on index_html itself, can I
| control access to it.
Can it have someth
On Thu, 9 Nov 2000, Charlie Wilkinson wrote:
> / (Root Folder)
> / acl_test (ACL Test Folder)
> acl_users (User Folder)
> index_html (Test Document)
>
> Now, referring to figure 1, changes to security settings for the acl_test
> folder are having no effect on ac
Greetings,
I know this a very busy list, but I'm hoping someone can take a moment to
address this. I had posted about this on Zope-dev because I'm running the
CVS version, but no response. Also more research has yielded more info.
I first discovered this issue with LoginManager, but the same pro
Greetings,
I had posted about this on Zope-dev because I'm running the CVS version,
but no response there. Also more research has yielded more info.
I first discovered this issue with LoginManager, but the same problem
occurs with standard acl_users too.
First, 'Figure 1:'
/ (Root Folder)
od, i should be able to acquire anything
specified into it, from its parent hierarchy.
Please help or tip. Thanks =)
Seb Bacon wrote:
Does Zope security provide a way of restricting what
objects are listed to
an authenticated user inside the Zope 'manage' interface? I'm
getti
Also, consider adding an accessrule. This won't stop them from using
__no_before_traverse__ or _SUPPRESS_ACCESSRULE but it will make it
'appear' there is nothing more than the current level.
knight
[EMAIL PROTECTED]
On Fri, 13 Oct 2000, Tim Cook wrote:
> Stephan Goeldi wrote:
> >
> > OK let me
the root folder's "Access contents information" rights for Anonymous and the
sub-tree managers. I think Zope security is really a bit weak here because the
standard settings are NOT blocking "Access contents information" and blocking
it makes programming a bit harder ...
B
Stephan Goeldi wrote:
>
> OK let me state that I don't think so (subject line). I had to choose this
> subject, because it seems to me, that nobody was interested in my previous
> attempts to get information about my problem. So here is my newbie (?)
> question again:
>
> I have the folders:
>
OK let me state that I don't think so (subject line). I had to choose this
subject, because it seems to me, that nobody was interested in my previous
attempts to get information about my problem. So here is my newbie (?)
question again:
I have the folders:
/www/folder1
/www/folder2
Apache re
Does Zope security provide a way of restricting what objects are listed to
an authenticated user inside the Zope 'manage' interface? I'm getting my
head all twisted up over this security / proxy roles /local roles lark.
Thanks, seb
__
Martijn Pieters wrote:
> No it isn't. Web access to class instances is handled by permissions.
> Unpickling will cause class instantiation in the python process, where you
> have no control over what gets created.
Surely you could pipe this process through the Zope security
On Mon, 21 Aug 2000, Stefan Bambach wrote:
> class test:
>     def __init__(self):
>         pass
>     def sayhello(self):
>         return "hello"
>
> def initialize(self):
>     return test()
>
>
> What's wrong with this code ?
Try to add this attribute to your class 'test':
__allow_access_to_unprote
Hello zope-users,
I upgraded my Zope application from version 2.1.3 to 2.2.0 . Now I
have problems with the new security system.
e.g. 'test.py' in Extensions directory:
class test:
    def __init__(self):
        pass
    def sayhello(self):
        return "hello"

def initialize(self):
    return test()
No
Hi all -
We have recently become aware of an important security issue
that affects all released Zope versions prior to 2.2.1 beta 1.
The issue involves the fact that the getRoles method of user objects
contained in the default UserFolder implementation returns a mutable
Python type
Imagine a Zope-hosting ISP with a single ZODB.
A user Daz signs up for webhosting and sends
in his custom products and Zope tree. The ISP
installs said data as follows:
root
Control_Panel
Products
dazProduct
dazClass1
dazClass2
acl_users (us
On Wed, Aug 09, 2000 at 10:08:20AM -0700, Paul Abrams wrote:
> Yikes! Every time I try to change my security settings all
> of the checkboxes become unset when I save the form!
>
> 1. Open up any "Security" tab
> 2. Change a checkbox
> 3. Save the form
> 4. Click 'Ok'
> 5. ALL of the checkboxes
Yikes! Every time I try to change my security settings all
of the checkboxes become unset when I save the form!
1. Open up any "Security" tab
2. Change a checkbox
3. Save the form
4. Click 'Ok'
5. ALL of the checkboxes are empty!
Has anybody else seen this problem? I have a workaround, but
I'd r
Hi,
I've got two questions.
1.Is Zope 2.2.0 masking the length of the passwords?
2. the more important->
I'm using a method to change properties by form. The user i.e. Tim has
the role manager in the highest user_folder and acquisition is kept but
Zope tells me that the user is not authorized. Wh
authentification request bug and fail
when running an sql method through an external method (python 1.5.42+) in a
dtml-tree tag
zope(2.2dev) asks me to login again, what i do without success. Indeed, all
separate components work fine.
Any idea ?
Thanks
That's what I did .. same problem.
However when I installed a new 2.2 final and did exactly the same (same stuff, same
permissions) then it worked. There must be some problem with the upgrading...
Peter
Pierre Rougier skrev:
> Hi
>
> Just to see... try to give all the proxy roles to your method
Hi
Thanks for the tip. I gave the method the correct roles but unfortunately the
problem still exists.
Peter
Pierre Rougier skrev:
> Hi :)
> I may say something idiot, but...
>
> Did u try to change the proxy roles of the method which call the function
> manage_editProperties?
> (in case of:
Hi :)
I may say something idiot, but...
Did u try to change the proxy roles of the method which call the function
manage_editProperties?
(in case of: to do it, edit your method and choose proxy at the top of the
window), u can edit the role of your method.
Piotr.
Peter Arvidsson wrote:
> I ha
I have a very annoying problem...
I have created a news-product and have several news-objects. Now I want
to change the properties of a news-object. This is my code for that:
'newsEntries' is the folder where I store my news-objects.
'objId' is the id of the product as a string.
Everytime
PROTECTED]]
Sent: Monday, July 17, 2000 10:27 AM
To: 'Theodore Patrick'; '[EMAIL PROTECTED]'
Subject: RE: [Zope] SECURITY ROLES and < DTML-IN>
> I am having trouble rendering a in ZOPE 2.2.0 to any user
> regardless of roles.
>
> I have allocated the proper rig
> I am having trouble rendering a in ZOPE 2.2.0 to any user
> regardless of roles.
>
> I have allocated the proper rights to all objects used and
> nothing happens.
> The will not let any user view its contents.
Theodore -
I bet you're running into the same problem as the
folks using the O
I am having trouble rendering a in ZOPE 2.2.0 to any user
regardless of roles.
I have allocated the proper rights to all objects used and nothing happens.
The will not let any user view its contents.
I am using an in a DTML Document to render the contents of an
SQL_Method from an Oracle Da
Brian,
from the announcement, it sounded like the only change from 2.1.6 to 2.1.7
was the fix to DT_String. Zope-2.1.7-src/doc/CHANGES.txt only lists:
Bugs Fixed
- An inadequately protected base class method made DTMLDocuments
and DTMLMethods vulnerable to having their
Hello all,
We have recently become aware of an important security issue
that affects all released Zope versions including the recent
2.2 beta 1 release.
The issue involves an inadequately protected method in one of
the base classes in the DocumentTemplate package that could allow
the conten
> > I will soon have a Zope-site ready to go online. How can I make shure
> > that I did everything (concerning Zope) to stop intruders? Where can
> > I find information about protecting a Zope-site? Has anyone had
> > security problems so far?
>
>Easiest (most brutal?) fix I've found - hide Z