Re: small summary and big plea was:(Re: [Zope-dev] Versions: should they die?)

2003-06-10 Thread Oliver Bleutgen
Dieter Maurer wrote: Oliver Bleutgen wrote at 2003-6-10 16:20 +0200: > ... > And you have to take acquisition into account > > folder1 >some_object > folder2 >version2 > > some_object shouldn't be lockable into version2. Where did you ever read that the effect of versions were i

Re: small summary and big plea was:(Re: [Zope-dev] Versions: should they die?)

2003-06-10 Thread Dieter Maurer
Oliver Bleutgen wrote at 2003-6-10 16:20 +0200: > ... > And you have to take acquisition into account > > folder1 >some_object > folder2 >version2 > > some_object shouldn't be lockable into version2. Where did you ever read that the effect of versions were in any way restricted

Re: small summary and big plea was:(Re: [Zope-dev] Versions: should they die?)

2003-06-10 Thread Dieter Maurer
Oliver Bleutgen wrote at 2003-6-6 22:48 +0200: > Dieter Maurer wrote: > > Oliver Bleutgen wrote at 2003-6-6 11:46 +0200: > > > 3. And (minor problem, but whatever), since zope relies completely on > > > the browser to send cookies only the right time (i.e. that the path set > > > for th

Re: small summary and big plea was:(Re: [Zope-dev] Versions: should they die?)

2003-06-10 Thread Dieter Maurer
Shane Hathaway wrote at 2003-6-10 10:15 -0400: > Brian Lloyd wrote: > > FYI - we plan for this to be fixed in 2.6.2, preferably by fixing > > the version machinery to require the "join / leave versions" > > permission (which is assigned only to managers by default). > > It will be interesting

Re: small summary and big plea was:(Re: [Zope-dev] Versions: should they die?)

2003-06-10 Thread Lennart Regebro
Shane Hathaway wrote: I really wouldn't mind if we just disabled version support altogether, with a configuration option to re-enable it. Perhaps users would appreciate having less to worry about. I still think this is the best idea. If this is not possible, then at least removing it from the U

Re: small summary and big plea was:(Re: [Zope-dev] Versions: should they die?)

2003-06-10 Thread Oliver Bleutgen
Shane Hathaway wrote: Brian Lloyd wrote: FYI - we plan for this to be fixed in 2.6.2, preferably by fixing the version machinery to require the "join / leave versions" permission (which is assigned only to managers by default). It will be interesting to find out how this can be accomplished. To

Re: small summary and big plea was:(Re: [Zope-dev] Versions: should they die?)

2003-06-10 Thread Shane Hathaway
Brian Lloyd wrote: FYI - we plan for this to be fixed in 2.6.2, preferably by fixing the version machinery to require the "join / leave versions" permission (which is assigned only to managers by default). It will be interesting to find out how this can be accomplished. To use a version, you have

Re: small summary and big plea was:(Re: [Zope-dev] Versions: should they die?)

2003-06-10 Thread Oliver Bleutgen
Chris Withers wrote: Shane Hathaway wrote: My opinion on this is a little different. It's quite easy for anyone to make mischief on any Zope server that lets people make even minor changes to the site, such as giving feedback, posting a discussion item, etc. On the weekend I had the idea tha

Re: small summary and big plea was:(Re: [Zope-dev] Versions: should they die?)

2003-06-10 Thread Chris Withers
Shane Hathaway wrote: My opinion on this is a little different. It's quite easy for anyone to make mischief on any Zope server that lets people make even minor changes to the site, such as giving feedback, posting a discussion item, etc. All you have to do is include a Zope-Version cookie in t

Re: small summary and big plea was:(Re: [Zope-dev] Versions: should they die?)

2003-06-06 Thread Oliver Bleutgen
Dieter Maurer wrote: Oliver Bleutgen wrote at 2003-6-6 11:46 +0200: > 3. And (minor problem, but whatever), since zope relies completely on > the browser to send cookies only the right time (i.e. that the path set > for the cookie must match a prefix of the request-URI), this might > also

Re: small summary and big plea was:(Re: [Zope-dev] Versions: should they die?)

2003-06-06 Thread Oliver Bleutgen
Aaah, big thanks for chiming in. *sigh of relief*. Shane Hathaway wrote: Casey Duncan wrote: The security implications do not seem dire enough to me to warrant trying to squeeze this into 2.6.x. If you do not use versions then none of the implications apply. Perhaps it might be possible to do

Re: small summary and big plea was:(Re: [Zope-dev] Versions: should they die?)

2003-06-06 Thread Shane Hathaway
Casey Duncan wrote: The security implications do not seem dire enough to me to warrant trying to squeeze this into 2.6.x. If you do not use versions then none of the implications apply. Perhaps it might be possible to do additional security checks to make entering versions more protected. This m

Re: small summary and big plea was:(Re: [Zope-dev] Versions: should they die?)

2003-06-06 Thread Oliver Bleutgen
Casey Duncan wrote: One man's opinion: - Version support (at the application level) should be optional in 2.7. You should be able to turn it off (maybe through ZConfig). The default should probably be off, since I think more people avoid them than use them. I would suggest these approaches: 1: