On 17/01/2004, at 10:34 AM, Jim Fulton wrote:
I'm pretty sure that I can redo the way we protect dictionaries and
lists so that we can provide backward compatibility. If I can do this,
I will, because backward compatibility *is* important, especial
Dieter Maurer wrote:
Jim Fulton wrote at 2004-1-16 18:54 -0500:
...
For security checks, the accessed object should be the driving factor
and not the particular way the access is made.
Well, sorry, that's not what this is about. We are talking about what
to do when accessing objects without ro
Jim Fulton wrote at 2004-1-16 18:54 -0500:
> ...
>> For security checks, the accessed object should be the driving factor
>> and not the particular way the access is made.
>
>Well, sorry, that's not what this is about. We are talking about what
>to do when accessing objects without roles. The
Dieter Maurer wrote:
Jim Fulton wrote at 2004-1-15 17:23 -0500:
BTW, telling me that an algorithm has changed doesn't constitute
a use case. :) I know that algorithm has changed. I assert that
we don't need the feature that the change broke. I am open
to evidence to the contrary.
Do you have a
Jim Fulton wrote:
Stuart Bishop wrote:
...
It was never intended that the ability to control unprotected sub-objects
by name would apply to items. It was sloppy coding on my part that item
indexes (yes, indexes, like, say, 1) and keys were passed as names. I can
certainly understand why peopl
Stuart Bishop wrote:
On 16/01/2004, at 9:23 AM, Jim Fulton wrote:
Dieter Maurer wrote:
Jim Fulton wrote at 2004-1-15 10:03 -0500:
...
Right. The name attribute was intended for attribute-based access.
IMO, it makes no sense to consider key values whe
Dieter Maurer wrote:
Jim Fulton wrote at 2004-1-15 17:23 -0500:
...
None should never be passed for attribute accesses. If it is,
then there is a bug. The case of dictionary mapping names to
whatever is for attribute access. We are talking about item/key
access. I haven't seen a use case for nee
On 16/01/2004, at 9:23 AM, Jim Fulton wrote:
Dieter Maurer wrote:
Jim Fulton wrote at 2004-1-15 10:03 -0500:
...
Right. The name attribute was intended for attribute-based access.
IMO, it makes no sense to consider key values when doing security
checks
Jim Fulton wrote at 2004-1-15 17:23 -0500:
>BTW, telling me that an algorithm has changed doesn't constitute
>a use case. :) I know that algorithm has changed. I assert that
>we don't need the feature that the change broke. I am open
>to evidence to the contrary.
Do you have a convincing reason
Jim Fulton wrote at 2004-1-15 17:23 -0500:
> ...
>None should never be passed for attribute accesses. If it is,
>then there is a bug. The case of dictionary mapping names to
>whatever is for attribute access. We are talking about item/key
>access. I haven't seen a use case for needing to specify
Dieter Maurer wrote:
Jim Fulton wrote at 2004-1-15 10:03 -0500:
...
Right. The name attribute was intended for attribute-based access.
IMO, it makes no sense to consider key values when doing security
checks.
I will let Jim comment on your use case.
What use case? I missed it. Where is it?
"Ac
Dieter Maurer wrote:
Jim Fulton wrote at 2004-1-15 10:03 -0500:
...
Right. The name attribute was intended for attribute-based access.
IMO, it makes no sense to consider key values when doing security
checks.
I will let Jim comment on your use case.
What use case? I missed it. Where is it?
"Ac
Jim Fulton wrote at 2004-1-15 10:03 -0500:
> ...
>Right. The name attribute was intended for attribute-based access.
>
>IMO, it makes no sense to consider key values when doing security
>checks.
>
>> I will let Jim comment on your use case.
>
>What use case? I missed it. Where is it?
"AccessContr
Tres Seaver wrote:
Jim Fulton wrote:
Tres Seaver wrote:
I will let Jim comment on your use case.
What use case? I missed it. Where is it?
Here is Stuart's original post:
This has the side effect of not passing the name attribute to
my security assertion methods registered via
ClassSecurityI
Jim Fulton wrote:
Tres Seaver wrote:
I will let Jim comment on your use case.
What use case? I missed it. Where is it?
Here is Stuart's original post:
This has the side effect of not passing the name attribute to
my security assertion methods registered via
ClassSecurityInfo.setDefaultAccess:
c
Tres Seaver wrote:
Stuart Bishop wrote:
On 13/01/2004, at 4:19 PM, Stuart Bishop wrote:
The 'security audit work for the 2.7 branch' commit on 8th Jan made
the following change in PageTemplates/Expression.py:
As well as in other locations such as ZopeGuards.py.
I've opened http://collector.zop
Stuart Bishop wrote:
On 13/01/2004, at 4:19 PM, Stuart Bishop wrote:
The 'security audit work for the 2.7 branch' commit on 8th Jan made
the following change in PageTemplates/Expression.py:
As well as in other locations such as ZopeGuards.py.
I've opened http://collector.zope.org/Zope/1182 wit
17 matches