Hi Paul!

Paul Winkler wrote:
On Mon, Mar 13, 2006 at 07:06:28PM +0100, yuppie wrote:
I'm concerned about the people we encourage to use Five technology. Views are a major feature of Five. Should we warn people not to use views? Or instruct them how to patch Zope 2 to protect views against being masked by content IDs?

Or just document a warning that content whose ids begin with @@ can mask

I'm wondering if this is a case of "Doctor, it hurts when I do this..."

It's quit common that normal users of Zope applications are allowed to add content. You can educate programmers, but you can't solve a problem like this by educating (sometimes untrusted) users. They can easily screw up a Zope app by overriding important views. And if they can do it some (untrusted) users will do it.



Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Reply via email to