Re: [Zope3-Users] Security in Code, example, why does this work?
On Sunday 09 April 2006 09:21, Reinhold Strobl wrote: So can code always access everything, or not? Filesystem Python code is always trusted. Thus you have no security inside methods. Regards, Stephan -- Stephan Richter CBU Physics Chemistry (B.S.) / Tufts Physics (Ph.D. student) Web2k - Web Software Design, Development and Training ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Security in Code, example, why does this work?
Reinhold Strobl wrote: Hi, (...) So can code always access everything, or not? In Zope 3 there is also the concept of trusted and untrusted code like in Zope 2 See http://dev.zope.org/Wikis/DevSite/Projects/ComponentArchitecture/ShortTutorial/short.pdf pages 88 - 94 (esp. page 94) In trusted code no permissions are checked. So you may have to check manually before entering trusted code. I think that you call a method of your model-code from with-in the view-code. Thats the entrace to trusted code. Hope that helps a bit, mac ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users