Martijn Faassen wrote:
One bit that might be problematic is 'proxy leaking'. I imagine if you
use this you're going to leak proxied objects into the rest of your
system whenever you make a call into your system.
Actually, I'm hoping I can have anything content-object like "always
proxied".
One of my original two requirements (which I linked to before) is the
ability for "the system" to just work with objects and have them
complain if you're not allowed to access them, rather than having to
remember that just because you're in "trusted code" the user that the
trusted code is executing on behalf of will "see everything"...
Traditional Zope 2 doesn't work that way: as soon as you make a call
from your Python script, the underlying code that is being called is
trusted. No proxies anywhere (well, except the ubiquitous acquisition
proxies..).
Indeed, sometimes this is handy, sometimes it causes problems...
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
_______________________________________________
Zope-Dev maillist - [email protected]
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
