[z3-five] Re: [z3-checkins] r5852 - in z3/Five/trunk:
. demo/FiveViewsDemo tests tests/products/FiveTest
Sidnei da Silva
sidnei at awkly.org
Tue Aug 3 14:18:07 MEST 2004
On Tue, Aug 03, 2004 at 11:01:11AM +0200, Martijn Faassen wrote:
| Right now, Five's page templates are completely trusted, meaning anyone
| can do anything in them. Using a SecureModuleImporter breaks this
| principle. Why add in useless security to code that is trusted anyway?
|
| In addition, setting up modules so they can be securily imported from
| trusted code in Zope 2 is a pain and a hassle I'm not sure we *ever*
| want Five developers to be exposed to.
|
| I think until we can deal with Zope 3's security proxies we should
| ignore *any* security in Five, except at the outer boundaries where code
| can be called through the web. Security is no use half way and it only
| encourages workarounds and bugs if it's a pain to use.
Got it. So we need a TrustedModuleImporter?
--
Sidnei da Silva <sidnei at awkly.org>
http://awkly.org - dreamcatching :: making your dreams come true
http://www.enfoldsystems.com
http://plone.org/about/team#dreamcatcher
[In 'Doctor' mode], I spent a good ten minutes telling Emacs what I
thought of it. (The response was, 'Perhaps you could try to be less
abusive.')
-- Matt Welsh
More information about the z3-five
mailing list