Martijn Faassen wrote: > Isn't zope.security a protection system against *accidental* mistakes in > building secure applications? I.e. I call a method and then I find out I > have no such access. Do we really need to protect the developer against > more arcane workarounds?
Yes, that's its stated aim, and I want to rely on that, so I care a lot. > If I *want* to work around the security system deliberately I can simply > remove the security proxy and be done with it. It's not like the system > is protecting against this anyway. Well, not if you don't have access to that removal code. Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )