Jamie Heilman wrote:

Martijn Faassen wrote:

On the other hand, in situations where the PageTemplate designers are *not* security conscious (they're designers, not primarily programmers) the option of explicit checks is useful.

PageTemplateFile is a class used by Product authors, just like DTMLFile. If you can write a product, you are either security conscious or your product is worthless.

exactly. let's not design technical solutions to non-technical problems.

These kind of tools (ie Zope and Zope products) should be versatile, and constraints on their usage should come from best practices anc conscient knowledge and not from the way the tools are implemented.


-- -------------------------------------------------------------------
Dario Lopez-KÃsten, IT Systems & Services Chalmers University of Tech.

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope )

Reply via email to