On Monday 26 July 2010 10:29:56 Robert Collins wrote: > Lastly, and here I expose my ignorance of some subtleties in zope - I > thought security proxies only lived between view and model objects, > not between model objects?
That's right. Once the code inside a proxied object is running, it's effectively security-free and can see objects that the code outside of it would not normally be able to access. We need to be careful about this, because there's no protection against returning data to the caller that it should not see. _______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
