Hi there, On Nov 20, 2007 11:24 AM, Chris Withers <[EMAIL PROTECTED]> wrote: [snip] > > Traditional Zope 2 doesn't work that way: as soon as you make a call > > from your Python script, the underlying code that is being called is > > trusted. No proxies anywhere (well, except the ubiquitous acquisition > > proxies..). > > Indeed, sometimes this is handy, sometimes it causes problems...
There will be a problem if proxies get into subsystems without any security declarations. Most security policies should forbid access in that case. You might be surprised how many things you'll need to add security declarations for. In my experience this seriously kills development speed early on in the project. Regards, Martijn _______________________________________________ Zope-Dev maillist - [email protected] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
