On Wed, Apr 29, 2009 at 6:37 AM, Jorge Vargas <jorge.var...@gmail.com> wrote:
> On Mon, Apr 27, 2009 at 5:15 AM, Gustavo Narea <m...@gustavonarea.net> wrote:
>> Hola, Jorge.
>> On Monday April 27, 2009 10:42:35 Jorge Vargas wrote:
> by the way from repoze.what.plugins.pylonshq import is_met is not the
> correct path.
apparently the correct syntax is in_group('clients').is_met(request.environ)

>> http://code.gustavonarea.net/repoze.what-pylons/Manual/Misc.html#boolean-predicates
> could you please explain why this warning? I'm really shock here. are
> you telling us that the default way TG is using repoze.what will break
> your security? last time I read the ticket regarding this
> implementation it was never mention that this will be a security
> issue.
I just looked at this again and it's really interesting.
The only reason this is a "monkey patch" is because you implemented it
as such with the "booleanze_predicates" function

according to the python documentation

and I don't see why request.environ will have problems evaluating the
values from third-part.

as for the non-pylons this has something to do with the SOPs? it is my
understanding you are evaluating the request on each call so why is
this a problem?
Repoze-dev mailing list

Reply via email to