Chris Withers wrote:

Vangelis Mihalopoulos wrote:

[zope -> ] (which btw i believe to be very secure)

The why do you consider it a risk?

I don't really. But when i present my security assessment report saying "Zope has never had a compomising security issue." i'll get the (expected) answer "Sooner or later, everything gets broken." and i will have to additionally demonstrate why compomising zope (in term of accessing the ZMI) will have minimum effect on the overall system operation.

i don't want him to be able to directly access (read/write) the database i am using. *AFAIK*, ZSQLMethods won't do for this.

Then put constraints in on your database, or make the whole connection read-only.

I want to have full access rights on the database through the external methods.

You're really buying nothing with all this other than wasting a lot of your time...

I really hope i don't! :-) As Dieter said, my application is not a conventional Zope application.
I could say that, for this project, i am using Zope:
- as a much safer alternative to CGI
- for its templating machinery
- because it is built on Python and the project is based on Python
- i like Zope :-)

Thanks for your comments!

Zope maillist  -
**   No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to