Zope 2

Recompile PythonScripts has no security

Bug #142059 reported by Andy McKay
254
Affects Status Importance Assigned to Milestone
Zope 2
Fix Released
Medium
Unassigned

Bug Description

The method manage_addProduct/PythonScripts/recompile has absolutely no security on it at all, which means anyone can run this operation once. Admittedly it is good thing to do, but it could be a very expensive and costly operation to run (since it does a ZopeFind) and should have security on it.

Tags: bug zope
Revision history for this message
Brian Lloyd (brian-lloyd) wrote :

Status: Pending => Resolved

Thanks for the report. This is fixed in the 2.5 branch
and for Zope 2.6.

-Brian

To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.