On Friday 12 Apr 2002 7:19 pm, Jeffrey P Shell wrote:

>that your proposal isn't up there (or the catalog is up to its old charms ;)

No, its not up there. 

>But now, does this mean I have to go through and tag every method that might
>cause a state change?  Or might not?

You wont ever *have* to do anything to your own methods. You might *want* to, 
if you want the extra protection against client side trojans that this 
declaration will give.

>Now that I'm understanding things more, I never call non-idempotent methods
>(I hope I'm using that term right) from DTML anymore

Me to. Thats why I was suprised to see the opposition.

>Overall, I still don't know how I feel about the whole thing.  It's good to
>have Zope as secure as possible, but if putting that security makes it
>suddenly much harder to develop for or upgrade to/for, I worry about the
>support costs involved.

Indeed.


_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to