On 4/11/09 8:10 PM, Tim Hoffman wrote:
> If someone where coming to the Zope party now and needed the full
> blown security model and view mechanisms, and the zcml tied to that
> model what would the choice be going forward?
> repoze.bfg has pretty much gutted that model (which is fine as a
> simpler model is definately required, I am planning to revisit bfg
> with my zope on gae work)
As far as I know, the only bit that BFG doesn't have out of the box (or at
in combination with an authentication system like repoze.who) that Zope 2 or
Zope 3 does is the concept of allowing untrusted users to write code (e.g. "TTW
All other concepts present in Zope 2/3 that I know of can be composed using the
out-of-the-box BFG primitives of context-sensitive security (via ACLs attached
to model objects), view permissions, and principals. Because the only code
is published to the web within BFG is view code, no other security is required
for "belt and suspenders"; for example, you don't need to protect model methods
because there's just no way they'll be invoked within a BFG application.
For more information, see http://docs.repoze.org/bfg/narr/security.html .
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -