Hi there,

On Nov 20, 2007 11:24 AM, Chris Withers <[EMAIL PROTECTED]> wrote:
[snip]
> > Traditional Zope 2 doesn't work that way: as soon as you make a call
> > from your Python script, the underlying code that is being called is
> > trusted. No proxies anywhere (well, except the ubiquitous acquisition
> > proxies..).
>
> Indeed, sometimes this is handy, sometimes it causes problems...

There will be a problem if proxies get into subsystems without any
security declarations. Most security policies should forbid access in
that case.

You might be surprised how many things you'll need to add security
declarations for. In my experience this seriously kills development
speed early on in the project.

Regards,

Martijn
_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to