Martijn Faassen wrote:
> Isn't zope.security a protection system against *accidental* mistakes in
> building secure applications? I.e. I call a method and then I find out I
> have no such access. Do we really need to protect the developer against
> more arcane workarounds?
Yes, that's its stated aim, and I want to rely on that, so I care a lot.
> If I *want* to work around the security system deliberately I can simply
> remove the security proxy and be done with it. It's not like the system
> is protecting against this anyway.
Well, not if you don't have access to that removal code.
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
_______________________________________________
Zope-Dev maillist - [email protected]
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
