On Apr 10, 2009, at 11:32 AM, Hanno Schlichting wrote:
> We do have the use-case of allowing trusted people to add templates or
> code TTW and many other things like data level and view based
> The RestrictedPython case however is something we will gladly give up.
Are you checking their ID at the door?
All you have in terms of trust are their credentials.
You don't want to allow many, many things TTW, even if they logged in
with the trusted credentials.
Otherwise, you give them the same credentials on your physical machine
that serves that app (e.g. they import os TTW).
Finally, even if you are fine with allowing that because you trust
them, who guarantees that every login with those credentials is really
that trusted person?
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -