On Monday 17 December 2007, Roger Ineichen wrote:
> Layers and skins are a security concept. And a very good one.
Let me briefly explain what Roger refers to by the word "security" here. We
consider, as I mentioned in my previous mail, the availability of views
outside of our control a security risk, because someone could have made a
mistake or maliciously created a security hole in a view. By controlling the
contents of the layers more explicitly, we have a better idea of the views
that are available.

Furthermore, skins allow us to control the permission settings of our views;
overrides allow this as well, of course.

Of course, this in itself is not enough to ensure security, but I hope that
tools like the one started in z3c.securitytool will eventually help us with
analyzing our public views.
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training