[z3-five] Re: [z3-checkins] r5852 - in z3/Five/trunk:
. demo/FiveViewsDemo tests tests/products/FiveTest
Martijn Faassen
faassen at infrae.com
Tue Aug 3 11:01:11 MEST 2004
Sidnei da Silva wrote:
> On Mon, Aug 02, 2004 at 11:43:07PM +0200, Martijn Faassen wrote:
> | dreamcatcher at codespeak.net wrote:
> |
> | [snip lots of great looking stuff]
> | >- ViewPageTemplateFile 'modules' uses zope2 SecureModuleImporter now
> | > (eg: browser:page)
> |
> | I'm a bit worried about this one. Aren't we dragging too much of Zope
> | page template security in here? After all, Five ZPTs are trusted, so
> | shouldn't we be able to import what we want?
> |
> | I'm worried about introducing into Five lots of the cursing developers
> | typically do when messing around with security in Zope 2 untrusted code..
>
> Dunno what you meant to say here. It looks to me that
> SecureModuleImporter would be the right thing, as we can't deal with
> z3's proxies yet. What are you suggesting?
>
Right now, Five's page templates are completely trusted, meaning anyone
can do anything in them. Using a SecureModuleImporter breaks this
principle. Why add in useless security to code that is trusted anyway?
In addition, setting up modules so they can be securily imported from
trusted code in Zope 2 is a pain and a hassle I'm not sure we *ever*
want Five developers to be exposed to.
I think until we can deal with Zope 3's security proxies we should
ignore *any* security in Five, except at the outer boundaries where code
can be called through the web. Security is no use half way and it only
encourages workarounds and bugs if it's a pain to use.
Regards,
Martijn
More information about the z3-five
mailing list