On Dec 17, 2007, at 12:39 PM, Roger Ineichen wrote:

Hi

Betreff: [Zope-dev] Re: Request typing (to get the xmlrpc
layer discussionfinished)

[...]

We tend to think up complex use cases and then make the
zope framework
more complicated to deal with them.  Sometimes these are legitimate
use cases, but they are rarely common cases and their
solutions should
generally not be inflicted on the masses.

Configure views on layers will prevent us form backdoors
if we reuse this easy installable eggs ;-)

Here is a simple sample of such a built-in backdoor:

At our fresh zope installation:
http://localhost:8080/@@absolute_url

Of corse it's not this dangerous, but it shows you what I mean.


How do skins avoid this?

Jim

--
Jim Fulton
Zope Corporation


_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Reply via email to