On Sun, Jun 21, 2009 at 11:55:50AM -0400, Jim Fulton wrote:
> - It aggressively proxies objects using  
> zope.security.checker.ProxyFactory.  Some people don't want
>    to use proxies and those that do might want to use a different  
> proxy or checker implementation.

Grok's publication sub-class is similar to mine:

    http://svn.zope.org/grok/trunk/src/grok/publication.py?view=markup

We I think we both want security proxies around views, but not during
traversal. I've also heard of people who want proxies around the context
and view, but not during traversal.

It's pretty difficult to do the above securely, or at least I was able
to open massive security holes while prototyping my publication object;)
Witness grok's "if IBrowserView.providedBy" dance in the URL above. 

> Maybe in phase 3:
> 
> - Create zope.publication from zope.app.publcatiobn
> - use webtest rather than zope.app.testing.

What's webtest?

> Thoughts?

Sounds good!

> 
> Jim
> 
> --
> Jim Fulton
> Zope Corporation
> 
> 
> _______________________________________________
> Zope-Dev maillist  -  Zope-Dev@zope.org
> http://mail.zope.org/mailman/listinfo/zope-dev
> **  No cross posts or HTML encoding!  **
> (Related lists - 
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope )

-- 
Brian Sutherland
_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to