> Betreff: Re: [Zope-dev] Request typing (to get the xmlrpc
> layer discussionfinished)
> On Dec 17, 2007 10:32 AM, Janko Hauser <[EMAIL PROTECTED]> wrote:
> > Oh that would be a new information for me, so I would be very
> > interested, where this is implemented.
Yes, that's another component which helps you protect
your application from built-in backdoors.
In general I can say:
- baseregistry allows you to configure different ISite component
at a global zcml level. Sites can reuse such sets of global
registration in the local instance. And this registration set
is not populated global at the site root.
- layers allow you to offer predefined sets of configuration
ready to reuse. Without them you can only offer global
configuration sets which can open backdoors.
- skins maps a set of layers to the public and make them
I allways explain it like:
Skins and layers are not needed till it comes to security. And
I allways say skin and layer is the concept which allows us to
separate the model and view and make the view part replacable.
If you use the baseregistry it works at the local site level.
Of corse you don't need layers and skins if you develop one
application and install them on one server. But if it comes
to multi skins and even worse different applications on one
server, we need layers and skins for security reason.
And if you don't use layers and skins, you probably can't
install packages which register views at the default skin
which your server is using without to open backdoors.
Layers and skins are a security concept. And a very good one.
Note, the only secure way to setup a mutli application, multi
site Zope server is to use layers, sites and the baseregistry.
Everything else will make views on different apps available.
And this could be a very big security problem.
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -