Hi!

Stephan Richter wrote:
> On Monday 16 July 2007 19:32, Daniel Nouri wrote:
>>> I do not recommend using views for content that is only
>>> used inside a template. Because "context/@@viewname"
>>> is also traversable as a real view and will probably show
>>> up in google.
>> How would it show up in Google? Google bots don't try arbitrary URLs, they
>> follow links.
>>
>> Using ordinary views for parts of an HTML page works perfectly for me.
>
> It works at the cost of security. How do you know that no one will figure out
> those views? And how do you know that they are properly secured, if you never
> test them standalone? This might not be too problematic for a single project,
> but would you like to install a package and suddenly get all those views that
> you do not know whether they are properly secured and may reveal sensitive
> information? I can tell you that some of my clients do care about this!

How exactly is it easier to secure a viewlet over securing a view? The fact
that they're traversable doesn't mean that they have to be visible for
everyone, does it? Am I missing something here?

Regards
Daniel

_______________________________________________
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users