Re: [Zope-dev] RFC: Use Zope 3's protection system in Zope 2

Mon, 01 Aug 2005 02:00:46 -0700 

Jim Fulton wrote:

At:

  http://www.zope.org/Wikis/DevSite/Proposals/Zope3ProtectionInZope2

Is a proposal to use Zope 3's protection system in Zope 2.

I think that the proposed change would provide very significan't
benefits, although it also presents some risks.

I'm looking for volunteers to help make this happen,
peferably this fall.


Cool! Zope 3's security system is definitely quite powerful.

However...
You mean you're hoping this could be in Zope 2.9? Probably not surprisingly, you want put in me in the 'skeptics' camp here. :) We already have a job on our hands making Zope 2.9's Five work with Zope 3.2, and actually releasing Zope 3.2 (I'll note that Zope 3.1 is still not released as a final). I would strongly urge that this work is done on a branch so we can ship Zope 2.9 without it if necessary.
I'm definitely worried about backwards compatibility -- how would the effect be handled that any filesystem-level Python code in Zope 2 is considered trusted, for instance? Would security wrappers be removed whenever code is passed along to this level?
Would this also mean a port of the default Zope 3 security policy? I guess that isn't possible as the security information is stored quite differently. Would this mean we would write a new Zope 2 policy, but based on the Zope 3 security policy mechanism, or are we only porting the security-wrapper bits for now?
Is any scheme possible where we could introduce this selectively and in parallel to the existing mechanisms? Like, for instance, a knob on a folderish object that could be turned on so it starts wrapping everything thereafter?
I understand that one huge benefit of this change is that we can stop maintaining Zope 2's security infrastructure, but a huge benefit of doing this in parallel would be that we have some time to really shake out bugs without destabilizing everything else. This has worked very well with Five so far, as it lets people move at their own speeds. The people building the new stuff aren't making life complicated for the rest, and neither are the people who are sticking with the existing stuff slowing down or discourage the people who want to build new things. 

Regards,

Martijn
_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce 
http://mail.zope.org/mailman/listinfo/zope )

Reply via email to