Hmm... being able to acquire the Control_Panel (or anything) and it taking on the wrong security context was a bug, and AFAIK it has been corrected.
Before I start sounding like I did in a previous thread, I am starting to have some very serious doubts about the direction Z3 development is heading. I have been a strong proponent of Zope, in part because of the very features that people seem to be proudly proclaiming will be removed from, or at best depricated in, Z3... Bottom line, internal bugs to one side, Z2.x works a particular way, and is documented as doing so. This is a powerful and useful feature, and we are likely to severly impact the power and process of "Zopeing" by removing it. If we are still heading for "10x" we should be enhancing those features that set Zope apart from the competition, not removing features that make it different. Just my $0.02 Adrian... -- Adrian Hungate EMail: [EMAIL PROTECTED] Web: http://www.haqa.co.uk ----- Original Message ----- From: "Casey Duncan" <[EMAIL PROTECTED]> To: "Adrian Hungate" <[EMAIL PROTECTED]>; "Toby Dickenson" <[EMAIL PROTECTED]>; "Lennart Regebro" <[EMAIL PROTECTED]>; "Wei He" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, May 30, 2002 6:43 PM Subject: Re: [Zope-dev] Zope logic The namspace traversal in Zope 2 severely violates the principle of least surprise IMO. Although you can use this to clever ends, it opens up many doors to misuse of a site or even significant security holes. For instance, it used to be possible to access the Control Panel (and shutdown Zope) as a user defined in a subfolder of the root who had the local Manager role, just by forming a URL like: http://somezope/myfolder/Control_Panel/manage_main The point is that this grants way too much power to the end user to muck up the namespaces. It is difficult, if not impossible to design an app in Zope today that accounts for all possible namespace variations gracefully, since there are effectively an infinite number of them for every given object in Zope based on different URLs. Now I won't argue that implicit acquisition isn't useful. It rules in solving (and simplifying) problems in creating highly coordinated objects. But, being an implicit and magical thing, it is better if it is invoked through an explicit gesture rather than simply being there all the time. Having it around all the time also makes it easy to use it when its not the best (or most robust) solution because it also excels in creating namespace chaos that is difficult to predict and account for. This is what Zope3 realizes. -Casey On Thursday 30 May 2002 12:42 pm, Adrian Hungate wrote: > Hmmm... interesting points... However I almost completely disagree. > > The only part of URL implicit acquisition that I have a problem with is > acquiring from outside the VHost, but if you plan properly, you can even > avoid this. > > I have written several sites that use this feature, and I have found no > significant problems with it, and as for it being a problem for caching > proxies, many of the objects that get acquired are dynamic, and provide > different content based on context, so multiple cache entries is the correct > answer. > > Adrian... > > -- > Adrian Hungate > EMail: [EMAIL PROTECTED] > Web: http://www.haqa.co.uk > > ----- Original Message ----- > From: "Toby Dickenson" <[EMAIL PROTECTED]> > To: "Lennart Regebro" <[EMAIL PROTECTED]>; "Wei He" <[EMAIL PROTECTED]>; > <[EMAIL PROTECTED]> > Sent: Thursday, May 30, 2002 4:07 PM > Subject: Re: [Zope-dev] Zope logic > > > On Thursday 30 May 2002 10:29 am, Lennart Regebro wrote: > > > It not only sounds good, but it is good.No, it' is fantastic. Amazing. > > Totally unbelivingly great! It's one of the best and main features of > Zope. > > Is anyone relying on your site to provide information? How do you test your > site to make sure that every possible url (not just the ones you link to) do > not give out misinformation. > > Some specific problems that I have encountered: > > 1. Content that crosses between virtual hosts. > > If two different virtual hosts come from the same zope then it is possible > to > construct a URL so that content from one site appears under the hostname > (and > https certificate!) of another. > > 2. A page that uses a mix of context and containment > > If a page is built up with some content found from its context, and other > content from containment, then it is possible to construct a URL so that > apparently related information comes from unrelated objects. Imagine a > medical imaging database, where it was possible for a page do display the > wrong patient name above an image. > > > My conclusions are: > > a. implicit acquisition is dangerous > > b. acquisition that searches outside the containment hierarchy is evil. > > > Im not keeping up with Zope 3 development..... how does Zope 3 handle > acquisition? > > > _______________________________________________ > Zope-Dev maillist - [EMAIL PROTECTED] > http://lists.zope.org/mailman/listinfo/zope-dev > ** No cross posts or HTML encoding! ** > (Related lists - > http://lists.zope.org/mailman/listinfo/zope-announce > http://lists.zope.org/mailman/listinfo/zope ) > > > > > _______________________________________________ > Zope-Dev maillist - [EMAIL PROTECTED] > http://lists.zope.org/mailman/listinfo/zope-dev > ** No cross posts or HTML encoding! ** > (Related lists - > http://lists.zope.org/mailman/listinfo/zope-announce > http://lists.zope.org/mailman/listinfo/zope ) > _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )