On Monday 17 December 2007, Roger Ineichen wrote:
> Layers and skins are a security concept. And a very good one.

Let me briefly explain what Roger refers to by the word "security" here. We 
consider, as I mentioned in my previous mail, the availability of views 
outside of our control a security risk, because someone could have made a 
mistake or maliciously created a security hole in a view. By controlling the 
contents of the layers more explicitly, we have a better idea of the views 
that are available.

Furthermore, skins allow us to control the permission settings of our views; 
overrides allow this as well, of course.

Of course, this in itself is not enough to ensure security, but I hope that 
tools like the one started in z3c.securitytool will eventually help us with 
analyzing our public views.

Stephan Richter
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training
Zope-Dev maillist  -  Zope-Dev@zope.org