On Apr 10, 2009, at 11:32 AM, Hanno Schlichting wrote:
> We do have the use-case of allowing trusted people to add templates or
> code TTW and many other things like data level and view based  
> security.
> The RestrictedPython case however is something we will gladly give up.

Trusted people!?
Are you checking their ID at the door?

All you have in terms of trust are their credentials.
You don't want to allow many, many things TTW, even if they logged in  
with the trusted credentials.

Otherwise, you give them the same credentials on your physical machine  
that serves that app (e.g. they import os TTW).

Finally, even if you are fine with allowing that because you trust  
them, who guarantees that every login with those credentials is really  
that trusted person?


Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to