Hi, within the certification we once created a list (drawn from the CC catalogue) of functionality we want to support.
One of those is called "Residual Information Protection" (RIP) The meaning of RIP is that when you delete security attributes (roles, users, groups, permission grants/denials) you want to make sure that the overall consistency of your security attributes is not affected. Example: Bob is a user of your site with the login name "bob". He was granted permissions all over the place, for example in folder "/asdf" he has the permission "perm.ModifyObjects". Bob doesn't want to work with you anymore and tells you so. You delete the user account "bob" from the system. 2 years later. Another Bob arrives and you assign him the same username. Suddenly he has all the permissions that the original "bob" had. This is a simple example of what can happen when you only partially delete security attributes. And it is a known problem with todays Zope 2 security. Two questions arise for me now, as I face implementing the effective removal of residual data: - Does anybody know/understand whether this will heavily collide with undoing transactions or not? - Is there an efficient way on the application-level in Zope 3 to iterate over objects out of the database? (There is something in the ZODB IIRC that can support iterating over objects of the same class) Otherwise this function is likely to become a performance killer, as I'd have to go all over the place to remove stuff. Cheers, Christian -- gocept gmbh & co. kg - schalaunische str. 6 - 06366 koethen - germany www.gocept.com - [EMAIL PROTECTED] - phone +49 3496 30 99 112 - fax +49 3496 30 99 118 - zope and plone consulting and development
Description: This is a digitally signed message part
_______________________________________________ Zope3-dev mailing list Zope3firstname.lastname@example.org Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com