[z3-five] Re: [z3-checkins] r5852 - in z3/Five/trunk: .
demo/FiveViewsDemo tests tests/products/FiveTest
Philipp von Weitershausen
philipp at weitershausen.de
Tue Aug 3 15:02:50 MEST 2004
Sidnei da Silva wrote:
> On Tue, Aug 03, 2004 at 11:01:11AM +0200, Martijn Faassen wrote:
> | Right now, Five's page templates are completely trusted, meaning anyone
> | can do anything in them. Using a SecureModuleImporter breaks this
> | principle. Why add in useless security to code that is trusted anyway?
> |
> | In addition, setting up modules so they can be securily imported from
> | trusted code in Zope 2 is a pain and a hassle I'm not sure we *ever*
> | want Five developers to be exposed to.
> |
> | I think until we can deal with Zope 3's security proxies we should
> | ignore *any* security in Five, except at the outer boundaries where code
> | can be called through the web. Security is no use half way and it only
> | encourages workarounds and bugs if it's a pain to use.
>
> Got it. So we need a TrustedModuleImporter?
import sys
TrustedModuleImporter = sys.modules
More information about the z3-five
mailing list