On Monday 17 December 2007, Roger Ineichen wrote: > Layers and skins are a security concept. And a very good one.
Let me briefly explain what Roger refers to by the word "security" here. We consider, as I mentioned in my previous mail, the availability of views outside of our control a security risk, because someone could have done a mistake or maliciously created a security hole in a view. By controlling the contents of the layers more explicitly, we have a better idea of the views that are available. Furthermore, skins allow us to control the permission settings of our views; overrides allow this as well, of course. Of course, this in itself is not enough to ensure security, but I hope that tools like the one started in z3c.securitytool will eventually help us with analyzing our public views. Regards, Stephan -- Stephan Richter CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student) Web2k - Web Software Design, Development and Training _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
