Hi Paul!
Paul Winkler wrote:
On Mon, Mar 13, 2006 at 07:06:28PM +0100, yuppie wrote:
I'm concerned about the people we encourage to use Five technology.
Views are a major feature of Five. Should we warn people not to use
views? Or instruct them how to patch Zope 2 to protect views against
being masked by content IDs?
Or just document a warning that content whose ids begin with @@ can mask
views?
I'm wondering if this is a case of "Doctor, it hurts when I do this..."
It's quit common that normal users of Zope applications are allowed to
add content. You can educate programmers, but you can't solve a problem
like this by educating (sometimes untrusted) users. They can easily
screw up a Zope app by overriding important views. And if they can do it
some (untrusted) users will do it.
Cheers,
Yuppie
_______________________________________________
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
