Toby Dickenson writes:
> > ... protocol specific access rights ...
> Please No.
> Zope security is complex enough without having to worry about
> different security settings depending on how a method is accessed.
> (And we should have a lower tolerance for complexity when it applies
> to security)
> If a user has permission to access a method then he should be able to
> access it any way (xmlrpc, ZPublisher, DTML, PythonMethods)
I agree with you mostly.
But it might be a significant difference, whether
you access via HTTP or HTTPS or even a protocol that
provides trusted authentication.
Furthermore, I would not bring DTML and web access on the same
There are objects, that should be usable by Anonymous
inside DTML but should not be viewable over the
web (as they will only confuse).
All page components (such as "standard_html_header/footer")
fall into this category.
Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -