Martijn Faassen wrote:
Jim Fulton wrote:
Is a proposal to use Zope 3's protection system in Zope 2.
I think that the proposed change would provide very significan't
benefits, although it also presents some risks.
I'm looking for volunteers to help make this happen,
peferably this fall.
Cool! Zope 3's security system is definitely quite powerful.
You mean you're hoping this could be in Zope 2.9? Probably not
surprisingly, you want put in me in the 'skeptics' camp here. :)
That's your job. I respect that.
already have a job on our hands making Zope 2.9's Five work with Zope
3.2, and actually releasing Zope 3.2 (I'll note that Zope 3.1 is still
not released as a final). I would strongly urge that this work is done
on a branch so we can ship Zope 2.9 without it if necessary.
I'm definitely worried about backwards compatibility -- how would the
effect be handled that any filesystem-level Python code in Zope 2 is
considered trusted, for instance? Would security wrappers be removed
whenever code is passed along to this level?
No. I noted this as a risk in the proposal. I think we should
strive to make this optional -- for 2 releases.
Would this also mean a port of the default Zope 3 security policy?
No. I'm only talking about the protection system in this proposal.
guess that isn't possible as the security information is stored quite
Someday, I'd like to make the entire arhitecture available. Then the
existing Zope 2 security policy would be one of several that could be
> Would this mean we would write a new Zope 2 policy, but
based on the Zope 3 security policy mechanism, or are we only porting
the security-wrapper bits for now?
I'm only talking about the protection system.
Is any scheme possible where we could introduce this selectively and in
parallel to the existing mechanisms?
Yes, as mentioned in the discussion of risks in the proposal.
Like, for instance, a knob on a
folderish object that could be turned on so it starts wrapping
This would be a system-wide option, controlled via zope.conf or
I understand that one huge benefit of this change is that we can stop
maintaining Zope 2's security infrastructure, but a huge benefit of
doing this in parallel would be that we have some time to really shake
out bugs without destabilizing everything else.
Jim Fulton mailto:[EMAIL PROTECTED] Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -