Stephan Richter wrote:

> On Tuesday 17 July 2007 09:42, Daniel Nouri wrote:
>> How exactly is it easier to secure a viewlet over securing a view? The
>> fact that they're traversable doesn't mean that they have to be visible for
>> everyone, does it? Am I missing something here?
>
> Content providers and viewlets are not publicly traversable. Being
> traversable does not make them insecure, but it offers one more point of
> access and a potential security hole if not reviewed correctly. Do you test
> the security for all those little views?
You're right. There are potential security holes there. However, my feeling is that views are well understood and that securing them is trivial.

Actually, I can think of why securing them individually is quite useful. Imagine I register a utility that's a list of view or adapter names (for my site's left column). A rendering view would go over that list, see if the views apply by trying to look them up on request and context, and then check security. Lastly, it would render the remaining items.

From what you say, I'm guessing that in most of your applications you only need one level of security, that is, you only secure the viewlet manager itself. To each his own. However, I'm not afraid to "roll my own" based on CA primitives, and others shouldn't be either.

Regards,
Daniel

_______________________________________________
Zope3-users mailing list
Zope3firstname.lastname@example.org
http://mail.zope.org/mailman/listinfo/zope3-users
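The "look each name up, check security, render the survivors" loop that Daniel sketches, as an added example that is not code from this thread or from Zope 3. The registry, `query_multi_adapter` and `can_access` below are small hand-rolled stand-ins for `zope.component.queryMultiAdapter` and `zope.security.canAccess`, so the script runs without Zope installed; the view names, permissions and context types are constructed sample data. The security point it shows is that each item is checked on its own and the loop fails closed: an unregistered name or a denied permission drops the item rather than raising or rendering it.

```python
"""Per-view security checks over a utility-supplied list of view names.

Added example modelled on the pattern in Daniel's mail; the lookup and
permission machinery is a stand-in for zope.component / zope.security
(hypothetical simplified API), not the real Zope 3 code.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Interaction:
    """Who is asking and which permission ids they hold (stand-in for a
    zope.security interaction)."""
    principal: str
    permissions: frozenset


@dataclass(frozen=True)
class View:
    """A registered view: its name, the permission its ZCML would declare,
    the context types it is registered for, and a trivial body."""
    name: str
    permission: str
    applies_to: tuple
    body: str

    def render(self, context, request):
        return f"<div class='{self.name}'>{self.body} for {context!r}</div>"


# Constructed registry standing in for the component architecture.
VIEW_REGISTRY = {
    "navigation": View("navigation", "zope.Public", (dict, list, str), "Nav"),
    "recent_changes": View("recent_changes", "zope.View", (dict,), "Recent"),
    "admin_tools": View("admin_tools", "zope.ManageContent", (dict, list), "Admin"),
    "folder_stats": View("folder_stats", "zope.View", (list,), "Stats"),
}

# The "utility": an ordered list of view names for the left column.
# "missing" is deliberately unregistered to exercise the fail-closed path.
LEFT_COLUMN = ["navigation", "recent_changes", "admin_tools", "folder_stats", "missing"]


def query_multi_adapter(context, request, name):
    """Stand-in for queryMultiAdapter((context, request), name=name):
    returns None when nothing is registered for this context type."""
    view = VIEW_REGISTRY.get(name)
    if view is None or not isinstance(context, view.applies_to):
        return None
    return view


def can_access(view, interaction):
    """Stand-in for canAccess: only zope.Public is open; anything else must
    be explicitly granted, so an unknown permission id is denied."""
    if view.permission == "zope.Public":
        return True
    return view.permission in interaction.permissions


def render_column(context, request, interaction, names=LEFT_COLUMN):
    """Walk the name list, look each up on (context, request), check security
    per view, and render only the survivors. Returns (rendered, skipped)."""
    rendered, skipped = [], []
    for name in names:
        view = query_multi_adapter(context, request, name)
        if view is None:
            skipped.append((name, "not registered for this context"))
            continue
        if not can_access(view, interaction):
            skipped.append((name, "permission denied"))
            continue
        rendered.append(view.render(context, request))
    return rendered, skipped


def visible_names(context, request, interaction, names=LEFT_COLUMN):
    """Convenience: names of the views that actually rendered."""
    rendered, _ = render_column(context, request, interaction, names)
    return [html.split("'")[1] for html in rendered]


if __name__ == "__main__":
    anon = Interaction("anonymous", frozenset())
    editor = Interaction("editor", frozenset({"zope.View"}))
    for who, ctx in ((anon, {}), (editor, {}), (editor, [])):
        out, dropped = render_column(ctx, None, who)
        print(who.principal, type(ctx).__name__, "->", visible_names(ctx, None, who), dropped)
```

Each name is checked independently, so a viewlet manager granting `zope.View` on the column as a whole would not leak `admin_tools` to an editor: the per-view permission is what decides.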