Philipp von Weitershausen wrote:
Piotr Chamera wrote:

I have removed proxies because I stored selected objects in an attribute of
another object with forms generated from a schema. But I can probably
remove the proxy in the set method of that attribute (property) or ... what else
can I store as a reference to an object in an attribute of another object to be
secure?

Security proxies can't be stored. They're created upon access. Unless
you *really* know what you're doing, removeAllProxies or
removeSecurityProxies should not occur in your application code. If it
does, it's likely to cause security holes.

I have two objects, "author" and "work", in a many-to-many relationship.
I want to store the works related to a given author in the author's attribute and the authors in an attribute of the work.

    .setAuthors [2] <---- form <---- authors vocabulary <---- [1]
work                                                              author
     [1] ---->  works  vocabulary  ----> form ----> .setWorks [2]

As you pointed out, removing the proxy at point [1] is insecure.
If I pass the proxy to the vocabulary (can I?) and remove the proxy at point [2], is it insecure too?

How can I achieve this design in a secure way?

Piotr Chamera


