On Sun, 30 Jul 2000 10:38:44 +0100, Chris Withers <[EMAIL PROTECTED]>

>Dieter Maurer wrote:
>>  > I wonder why starting folders with _ is so bad in Zope?
>> In the time, when everything was allowed what was not explicitely
>> forbidden, an easy way was necessary to forbid access. Jim
>> (and, therefore, Zope) used:
>>   anything starting with "_" is private: no DTML access, no Web access.
>> Now, with the change to a security policy "Everything is
>> forbidden when not explicitely allowed", the need for
>> such a rule based on naming dwindles. Maybe, it will disappear
>> sometime in the future.

That rules applies at a lower level. It removes the need to have
special-case handling for the many low-level objects that should never
be web-accessible.

Almost all zope-manageable classes (and certainly Folders, that Dieter
mentioned) use the old rule. This happens because they derive from
SimpleItem.Item, which has __allow_access_to_unprotected_subobjects__.

Toby Dickenson

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to