Hi there,

On Nov 20, 2007 11:24 AM, Chris Withers <[EMAIL PROTECTED]> wrote:
> > Traditional Zope 2 doesn't work that way: as soon as you make a call
> > from your Python script, the underlying code that is being called is
> > trusted. No proxies anywhere (well, except the ubiquitous acquisition
> > proxies..).
> Indeed, sometimes this is handy, sometimes it causes problems...

There will be a problem if proxies get into subsystems without any
security declarations. Most security policies should forbid access in
that case.

You might be surprised how many things you'll need to add security
declarations for. In my experience this seriously kills development
speed early on in the project.


Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to