Stephan Richter wrote:
> On Tuesday 17 July 2007 09:42, Daniel Nouri wrote:
>> How exactly is it easier to secure a viewlet over securing a view?  The
>> fact that they're traversable doesn't mean that they have to be visible for
>> everyone, does it?  Am I missing something here?
> Content providers and viewlets are not publicly traversable. Being 
> traversable does not make them insecure but it offers one more point of 
> access and a potential security hole if not reviewed correctly. Do you test 
> the security for all those little views?

You're right.  There are potential security holes there.  However, my feeling
is that views are well understood and that securing them is trivial.

Actually, I can think of why securing them individually is actually quite
useful.  Imagine I register a utility that's a list of view or adapter names
(for my site's left column).  A rendering view would go over that list, see
if the views apply by trying to look them up on request and context and then
check security.  Lastly, it would render the remaining items.

From what you say, I'm guessing that in most of your applications, you only
need one level of security, that is, you only secure the viewlet manager itself.

To each his own.  However, I'm not afraid to "roll my own" based on CA
primitives, and others shouldn't be either.


Zope3-users mailing list
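
The rendering loop described in the message above (walk a list of view names, keep the ones that apply to the context, check security per view, render the rest), as an added example that is not part of the original message and is not Zope code. Assumptions: a plain dict stands in for the component registry, a set of permission names on the request stands in for the security policy, and every name here (`ViewFactory`, `REGISTRY`, `LEFT_COLUMN`, `allowed`, `render_column`) is hypothetical; a view registered without a permission is treated as forbidden.

```python
# Stand-in for the component architecture: a dict plays the view registry and
# a set of permission names plays the security policy. Hypothetical names only.
from dataclasses import dataclass
from typing import Callable, Optional

PUBLIC = "public"  # hypothetical marker: no permission required


@dataclass
class ViewFactory:
    applies_to: type               # context class the view is registered for
    permission: Optional[str]      # None means nothing was declared
    render: Callable[[object, dict], str]


class Document: ...
class Folder: ...


# Constructed sample registrations, keyed by view name.
REGISTRY = {
    "navigation": ViewFactory(object, PUBLIC, lambda c, r: "<nav/>"),
    "edit-links": ViewFactory(Document, "ManageContent", lambda c, r: "<edit/>"),
    "folder-tree": ViewFactory(Folder, "View", lambda c, r: "<tree/>"),
    "debug-info": ViewFactory(object, None, lambda c, r: "<debug/>"),
}

# The "utility": an ordered list of view names for the left column.
LEFT_COLUMN = ["navigation", "edit-links", "folder-tree", "debug-info", "missing"]


def allowed(permission, request):
    """Fail closed: a view with no declared permission is never rendered."""
    if permission is None:
        return False
    return permission == PUBLIC or permission in request["permissions"]


def render_column(names, context, request):
    """Return (rendered fragments, {skipped name: reason}) for one column."""
    rendered, skipped = [], {}
    for name in names:
        factory = REGISTRY.get(name)
        if factory is None or not isinstance(context, factory.applies_to):
            skipped[name] = "not applicable"      # lookup on context failed
        elif not allowed(factory.permission, request):
            skipped[name] = "forbidden"           # per-view security check
        else:
            rendered.append(factory.render(context, request))
    return rendered, skipped
```

Returning the skip reasons alongside the output gives a test something to assert on for every small view, which is the review question raised in the quoted reply.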