- 01 Dec, 2005 1 commit
Tres Seaver authored
- 30 Nov, 2005 1 commit
Tres Seaver authored
o The new tests are amphibious: they exercise both the Python and the C implementations, ensuring that they remain in sync.
- 18 Nov, 2005 1 commit
Andreas Jung authored
- 15 Jun, 2005 2 commits
Shane Hathaway authored
This was also done on Zope-2_8-branch.
  - Added the "verbose-security" option in zope.conf.
  - Changed the Python security policy implementation to emit verbose Unauthorized errors when verbose-security is enabled.
  - Also, when verbose-security is enabled, computed roles include the name of the permission from which the roles were derived, allowing the security policy to reliably discover what permission is missing.
  - Fixed tests that didn't pass when verbose security was enabled.
  - Moved SimpleItem.__repr__ to a more basic class, where it should have been all along.
See also: http://mail.zope.org/pipermail/zope-dev/2005-June/025019.html
Shane Hathaway authored
  - Added the "verbose-security" option in zope.conf.
  - Changed the Python security policy implementation to emit verbose Unauthorized errors when verbose-security is enabled.
  - Also, when verbose-security is enabled, computed roles include the name of the permission from which the roles were derived, allowing the security policy to reliably discover what permission is missing.
  - Fixed tests that didn't pass when verbose security was enabled.
  - Moved SimpleItem.__repr__ to a more basic class, where it should have been all along.
See also: http://mail.zope.org/pipermail/zope-dev/2005-June/025019.html
- 01 Apr, 2005 1 commit
Tres Seaver authored
- 29 Mar, 2005 1 commit
Christian Heimes authored
- 28 Mar, 2005 1 commit
Tres Seaver authored
- 07 Aug, 2004 1 commit
Tres Seaver authored
from 'guarded_getattr'.
- 18 Feb, 2004 1 commit
Jim Fulton authored
string roles only if the values were different. This was a needless optimization. Then we proceeded to reset the roles value even though it wasn't used again.
- 27 Jan, 2004 1 commit
Brian Lloyd authored
- 15 Jan, 2004 1 commit
Tres Seaver authored
- Merge a number of entangled issues from 2.6 / 2.7 audit:
  - Iteration over sequences could in some cases fail to check access to an object obtained from the sequence. Subsequent checks (such as for attributes access) of such an object would still be performed, but it should not have been possible to obtain the object in the first place.
  - List and dictionary instance methods such as the get method of dictionary objects were not security aware and could return an object without checking access to that object. Subsequent checks (such as for attributes access) of such an object would still be performed, but it should not have been possible to obtain the object in the first place.
  - Use of "import as" in Python scripts could potentially rebind names in ways that could be used to avoid appropriate security checks.
  - A number of newer built-ins were either unavailable in untrusted code or did not perform adequate security checking.
  - Unpacking via function calls, variable assignment, exception variables and other contexts did not perform adequate security checks, potentially allowing access to objects that should have been protected.
  - Class security was not properly initialized for PythonScripts, potentially allowing access to variables that should be protected. It turned out that most of the security assertions were in fact activated as a side effect of other code, but this fix is still appropriate to ensure that all security declarations are properly applied.
  - DTMLMethods with proxy rights could incorrectly transfer those rights via acquisition when traversing to a parent object.