  1. 01 Dec, 2005 1 commit
  2. 30 Nov, 2005 1 commit
  3. 18 Nov, 2005 1 commit
  4. 15 Jun, 2005 2 commits
    • Folded in the functionality of the VerboseSecurity product. · d888bbc5
      Shane Hathaway authored
      This was also done on Zope-2_8-branch.
      
      - Added the "verbose-security" option in zope.conf.
      
      - Changed the Python security policy implementation to emit verbose
      Unauthorized errors when verbose-security is enabled.
      
      - Also, when verbose-security is enabled, computed roles include the
      name of the permission from which the roles were derived, allowing the
      security policy to reliably discover what permission is missing.
      
      - Fixed tests that didn't pass when verbose security was enabled.
      
      - Moved SimpleItem.__repr__ to a more basic class, where it should have
      been all along.
      
      See also:
      
      http://mail.zope.org/pipermail/zope-dev/2005-June/025019.html
    • Folded in the functionality of the VerboseSecurity product. · d7a8715f
      Shane Hathaway authored
      - Added the "verbose-security" option in zope.conf.
      
      - Changed the Python security policy implementation to emit verbose 
      Unauthorized errors when verbose-security is enabled.
      
      - Also, when verbose-security is enabled, computed roles include the 
      name of the permission from which the roles were derived, allowing the 
      security policy to reliably discover what permission is missing.
      
      - Fixed tests that didn't pass when verbose security was enabled.
      
      - Moved SimpleItem.__repr__ to a more basic class, where it should have 
      been all along.
      
      See also:
      
      http://mail.zope.org/pipermail/zope-dev/2005-June/025019.html
  5. 01 Apr, 2005 1 commit
  6. 29 Mar, 2005 1 commit
  7. 28 Mar, 2005 1 commit
  8. 07 Aug, 2004 1 commit
  9. 18 Feb, 2004 1 commit
  10. 27 Jan, 2004 1 commit
  11. 15 Jan, 2004 1 commit
    • 48bffa97
      Tres Seaver authored
        - Merge a number of entangled issues from 2.6 / 2.7 audit:
      
          Iteration over sequences could in some cases fail to check access
          to an object obtained from the sequence. Subsequent checks (such
          as for attributes access) of such an object would still be
          performed, but it should not have been possible to obtain the
          object in the first place.
      
          List and dictionary instance methods such as the get method of
          dictionary objects were not security aware and could return an
          object without checking access to that object. Subsequent checks
          (such as for attributes access) of such an object would still be
          performed, but it should not have been possible to obtain the
          object in the first place.
      
          Use of "import as" in Python scripts could potentially rebind
          names in ways that could be used to avoid appropriate security
          checks.
      
          A number of newer built-ins were either unavailable in untrusted
          code or did not perform adequate security checking.
      
          Unpacking via function calls, variable assignment, exception
          variables and other contexts did not perform adequate security
          checks, potentially allowing access to objects that should have
          been protected.
      
          Class security was not properly initialized for PythonScripts,
          potentially allowing access to variables that should be protected.
          It turned out that most of the security assertions were in fact
          activated as a side effect of other code, but this fix is still
          appropriate to ensure that all security declarations are properly
          applied.
      
          DTMLMethods with proxy rights could incorrectly transfer those
          rights via acquisition when traversing to a parent object.