Re: [Zope3-Users] Re: AW: View or content provider

2007-07-17 Thread Stephan Richter
On Monday 16 July 2007 19:32, Daniel Nouri wrote:
> > I do not recommend using views for content that is only
> > used inside a template. Because context/@@viewname
> > is also traversable as a real view and will probably show
> > up in google.
>
> How would it show up in Google?  Google bots don't try arbitrary URLs, they
> follow links.
>
> Using ordinary views for parts of an HTML page works perfectly for me.

It works at the cost of security. How do you know that no one will figure out 
those views? And how do you know that they are properly secured, if you never 
test them standalone? This might not be too problematic for a single project, 
but would you like to install a package and suddenly get all those views that 
you do not know whether they are properly secured and may reveal sensitive 
information? I can tell you that some of my clients do care about this!

Regards,
Stephan
-- 
Stephan Richter
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training
___
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users


[Zope3-Users] Re: AW: View or content provider

2007-07-17 Thread Daniel Nouri
Hi!

Stephan Richter wrote:
> On Monday 16 July 2007 19:32, Daniel Nouri wrote:
> > > I do not recommend using views for content that is only
> > > used inside a template. Because context/@@viewname
> > > is also traversable as a real view and will probably show
> > > up in google.
> > How would it show up in Google?  Google bots don't try arbitrary URLs, they
> > follow links.
> >
> > Using ordinary views for parts of an HTML page works perfectly for me.
>
> It works at the cost of security. How do you know that no one will figure out
> those views? And how do you know that they are properly secured, if you never
> test them standalone? This might not be too problematic for a single project,
> but would you like to install a package and suddenly get all those views that
> you do not know whether they are properly secured and may reveal sensitive
> information? I can tell you that some of my clients do care about this!

How exactly is it easier to secure a viewlet over securing a view?  The fact
that they're traversable doesn't mean that they have to be visible for
everyone, does it?  Am I missing something here?


Regards
Daniel

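The registration styles debated in this thread, side by side, as an added example that is not code from either poster or from any Zope package. The `myapp` interface, template names and provider class are hypothetical; the directives and permission ids are standard Zope 3 ones.

```xml
<configure
    xmlns="http://namespaces.zope.org/zope"
    xmlns:browser="http://namespaces.zope.org/browser">

  <!-- 1. Fragment registered as an ordinary view with zope.Public.
       It is also published standalone at <object-url>/@@sidebar-open,
       and zope.Public means no permission check is made. -->
  <browser:page
      name="sidebar-open"
      for="myapp.interfaces.IDocument"
      template="sidebar.pt"
      permission="zope.Public"
      />

  <!-- 2. Fragment registered as an ordinary view behind a permission.
       Still reachable at <object-url>/@@sidebar, but a principal
       without zope.View is refused. This is the registration to
       request standalone in a test as an anonymous user. -->
  <browser:page
      name="sidebar"
      for="myapp.interfaces.IDocument"
      template="sidebar.pt"
      permission="zope.View"
      />

  <!-- 3. Fragment registered as a content provider. It is looked up
       on (context, request, view), while URL traversal of @@name
       looks up (context, request), so it has no URL of its own.
       A page template pulls it in with:
         <div tal:replace="structure provider:myapp.sidebar" />  -->
  <adapter
      name="myapp.sidebar"
      for="myapp.interfaces.IDocument
           zope.publisher.interfaces.browser.IBrowserRequest
           zope.publisher.interfaces.browser.IBrowserView"
      provides="zope.contentprovider.interfaces.IContentProvider"
      factory=".browser.SidebarProvider"
      />

</configure>
```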