[z3-five] Re: [z3-checkins] r5852 - in z3/Five/trunk: .
demo/FiveViewsDemo tests tests/products/FiveTest
Philipp von Weitershausen
philipp at weitershausen.de
Tue Aug 3 15:05:50 MEST 2004
Philipp von Weitershausen wrote:
> Sidnei da Silva wrote:
>
>> On Tue, Aug 03, 2004 at 11:01:11AM +0200, Martijn Faassen wrote:
>> | Right now, Five's page templates are completely trusted, meaning
>> anyone | can do anything in them. Using a SecureModuleImporter breaks
>> this | principle. Why add in useless security to code that is trusted
>> anyway?
>> | | In addition, setting up modules so they can be securily imported
>> from | trusted code in Zope 2 is a pain and a hassle I'm not sure we
>> *ever* | want Five developers to be exposed to.
>> | | I think until we can deal with Zope 3's security proxies we should
>> | ignore *any* security in Five, except at the outer boundaries where
>> code | can be called through the web. Security is no use half way and
>> it only | encourages workarounds and bugs if it's a pain to use.
>>
>> Got it. So we need a TrustedModuleImporter?
>
>
> import sys
> TrustedModuleImporter = sys.modules
I take that back. Modules would still have to be imported ;).
But it'd be somethign of that effect...
Philipp
More information about the z3-five
mailing list