On Feb 05, 2010, at 04:20 PM, Henning Eggers wrote: >1. The LP API exposes model classes directly to the web, leaving only > the Zope security declaration in ZCML as protection (no view).
This seems like an especially bad situation for us to be in, because it will (has already?) lead to security breaches. We've been confident that our views protect our models from abuse via the web ui, but as we add more API we don't get the same level of confidence. Many objects and methods are exposed in both places and need similar constraints. It's becoming increasingly common to expose functionality /only/ through the API (e.g. software center) and there is no systematic way to protect such access. Overloading the models with more and more security does not seem like a good long term path. I don't have any answers though. -Barry
signature.asc
Description: PGP signature
_______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
