In article <[EMAIL PROTECTED]>,
Brian Lloyd  <[EMAIL PROTECTED]> wrote:
> > How come you can browse things like the objectIds and objectValues
> > methods through the web? Surely this is exposing information that
> > people shouldn't really know about?
> 
> You're right - and stop calling me shirley. :) This is something of

Hmm, another ZAZ fan :-)

> a holdover from the bobo days - if you are a method and you have a
> docstring, you are accessible through the web (but still subject to 
> the std security rules). objectIds and objectValues are a good 
> example of things that really only want to be used from DTML and 
> thus shouldn't have docstrings. I've changed this (and a few other
> iffy methods) for the next release.

Won't this break Amos' XML-RPC-based editor and similar hacks?

Can't you just turn off 'Access contents information' permission or
whatever it is on a folder if you don't want people to call
those things through the web?

_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )
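
The two controls discussed in the message above, the docstring rule and the 'Access contents information' permission, as an added sketch that is not part of the original post and is not Zope or bobo code. `Folder`, `listIds`, `_permissions`, `publish` and `try_publish` are hypothetical names for a toy model; only `objectIds` and the permission name come from the thread.

```python
class Forbidden(Exception):
    """Raised when a published name fails one of the gates."""


class Folder:
    """Toy container; stands in for a folder reachable by URL."""

    # Hypothetical table: method name -> permission a URL caller must hold.
    _permissions = {"objectIds": "Access contents information",
                    "listIds": "Access contents information"}

    def __init__(self, items):
        self._items = dict(items)

    def objectIds(self):
        """Return the ids of the contained objects."""
        return sorted(self._items)

    def listIds(self):
        # Same body, no docstring: callable from template code only.
        return sorted(self._items)


def publish(root, path, granted):
    """Resolve a URL path against root and call what it names."""
    obj = root
    for name in (p for p in path.split("/") if p):
        if name.startswith("_"):  # keep internals out of URL traversal
            raise Forbidden(name + ": private name")
        parent, obj = obj, getattr(obj, name, None)
        # Gate 1: the docstring rule described in the quoted reply.
        if obj is None or not getattr(obj, "__doc__", None):
            raise Forbidden(name + ": not published (no docstring)")
        # Gate 2: the permission check, applied even when gate 1 passes.
        needed = getattr(parent, "_permissions", {}).get(name)
        if needed and needed not in granted:
            raise Forbidden(name + ": requires '" + needed + "'")
    return obj() if callable(obj) else obj


def try_publish(root, path, granted):
    """Return ('ok', result) or ('denied', reason) for a request."""
    try:
        return ("ok", publish(root, path, granted))
    except Forbidden as exc:
        return ("denied", str(exc))
```

Removing the docstring closes the URL route for every caller, while withholding the permission closes it only for callers who lack it, which is the trade-off the reply raises.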
