Jim Fulton wrote at 2004-1-15 17:23 -0500:
>BTW, telling me that an algorithm has changed doesn't constitute
>a use case. :) I know that algorithm has changed.  I assert that
>we don't need the feature that the change broke.  I am open
>to evidence to the contrary.

Do you have a convincing reason to change the behaviour?

I argue here with consistency:

  When the "setDefaultAccess" function is called, it should
  always be called with sensible (and consistent) arguments.

  In my view, it is not consistent, that the function
  is called with the attribute name when the attribute is accessed
  via "attribute access syntax" but
  called with "None" when the same attribute it accessed
  via "item access syntax".

  For security checks, the accessed object should be the driving factor
  and not the particular way the access is made.

  When we do not get this consistent, we open new hidden
  security holes (as one must always think: can this
  same object be accessed also in a different way
  and how have I to secure this way).


Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to