Chris Withers wrote:
Vangelis Mihalopoulos wrote:
[zope -> ] (which btw i believe to be very secure)
The why do you consider it a risk?
I don't really. But when i present my security assessment report saying
"Zope has never had a compomising security issue." i'll get the
(expected) answer "Sooner or later, everything gets broken." and i will
have to additionally demonstrate why compomising zope (in term of
accessing the ZMI) will have minimum effect on the overall system operation.
i don't want him to be able to directly access (read/write) the
database i am using. *AFAIK*, ZSQLMethods won't do for this.
Then put constraints in on your database, or make the whole connection
I want to have full access rights on the database through the external
You're really buying nothing with all this other than wasting a lot of
I really hope i don't! :-)
As Dieter said, my application is not a conventional Zope application.
I could say that, for this project, i am using Zope:
- as a much safer alternative to CGI
- for its templating machinery
- because it is built on Python and the project is based on Python
- i like Zope :-)
Thanks for your comments!
Zope maillist - Zope@zope.org
** No cross posts or HTML encoding! **
(Related lists -