HI Jim
> Betreff: Re: AW: [Zope-dev] Re: Request typing (to get the 
> xmlrpc layer discussionfinished)


> > Configure views on layers will prevent us form backdoors if 
> we reuse 
> > this easy installable eggs ;-)
> >
> > Here is a simple sample of such a built-in backdoor:
> >
> > At our fresh zope installation:
> > http://localhost:8080/@@absolute_url
> >
> > Of corse it's not this dangerous, but it shows you what I mean.
> How do skins avoid this?

Let me explain first how I define layer and skins.

- A layer is a configuration discriminator (request type) 
  for traversable components.

- A named skin (configuration) makes it possible to traverse 
  components using a context and this layer as disriminator
  as url path. 

This means in my point of view a layer is a concept which 
offers a configuration namespace which somebody can use or 
not. If a layer has allready defined views it doesn't affect
anything till we map this layer as traversable namespace.
By a traversable namespace I mean the layer registered by
its traversable name. Also called skin and accessible by

If we register "absolute_url" in a layer which isn't 
used in a skin, then this view is not available as
traversable view because of the missing layer/named skin

Roger Ineichen

> Jim
> --
> Jim Fulton
> Zope Corporation

Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to