How do you come to think that a /o/ link would be be shown without description?
Dirk,
If the description is part of an object, and the object has a read permission, then you need to run a permission check before dispaying the description. This is exactly what I fear: an application that rummages around displaying private information, unchecked.
All I am saying is that you shouldn't create a back door to data, of any type, period. Now the redirection page, as I now understand it, would just take an object_id. Assuming the page didn't give away any information in case of a permission failure, then there is nothing wrong with it. I think it is a good idea. But an application that lists objects (showing the name or a description) without a permission check is just bad. It isn't what OpenACS was designed to do. The fact that it is easy to do it shouldn't be a surprise to anyone. But it is a bad idea.
