On Dec 18, 2007, at 5:08 AM, Roger Ineichen wrote:

HI Jim

Betreff: Re: AW: [Zope-dev] Re: Request typing (to get the
xmlrpc layer discussionfinished)


Configure views on layers will prevent us form backdoors if
we reuse
this easy installable eggs ;-)

Here is a simple sample of such a built-in backdoor:

At our fresh zope installation:

Of corse it's not this dangerous, but it shows you what I mean.

How do skins avoid this?

Let me explain first how I define layer and skins.

- A layer is a configuration discriminator (request type)
 for traversable components.

- A named skin (configuration) makes it possible to traverse
 components using a context and this layer as disriminator
 as url path.

This means in my point of view a layer is a concept which
offers a configuration namespace which somebody can use or
not. If a layer has allready defined views it doesn't affect
anything till we map this layer as traversable namespace.
By a traversable namespace I mean the layer registered by
its traversable name. Also called skin and accessible by

If we register "absolute_url" in a layer which isn't
used in a skin, then this view is not available as
traversable view because of the missing layer/named skin

Which does nothing to "protect" you from components registered for the default layer or for IBrowserRequest.


Jim Fulton
Zope Corporation

Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Reply via email to