[z3-five] Re: securing five products
Tarek Ziadé
tziade at nuxeo.com
Fri Apr 1 18:46:26 MEST 2005
Philipp von Weitershausen wrote:
> Tarek Ziadé wrote:
>
>> Hi list,
>>
>> what would be the steps for a five based product to set security ?
>>
>> -> setting "regular" zope 2 security infos, in all methods, as usual
>> but just in view classes
>
>
> Setting security information using a zope 2 security info objects and
> the so-called declarative security syntax is discouraged, mainly
> because it mixes security declarations into your code.
>
> With Five, security declarations can be made through ZCML, very much
> in the same way as in Zope 3. Below the hood, Five will use a security
> info object; the difference is that you separate it from your actual
> application code.
>
>> -> setting zope2.something permission attributes in the zcml for all
>> browser:page
>
>
> You want to protect your browser:pages with a permission and your
> content objects' attributes and methods too (because they might
> otherwise be accessible through regular Zope 2 traversal and e.g.
> XML-RPC).
>
> So, you do
>
> <content class="...">
> <require ... /> <!-- protect whatever you need to protect -->
> </content>
>
> <browser:page
> ...
> permission="..."
> />
>
> Philipp
> _______________________________________________
> z3-five mailing list
> z3-five at codespeak.net
> http://codespeak.net/mailman/listinfo/z3-five
Ok Thanks, i'll apply
Tarek
--
Tarek ZIADE, Nuxeo SARL: Zope Service Provider.
Mail: tz at nuxeo.com - Tel: +33 (0)6 30 37 02 63
Nuxeo Collaborative Portal Server: http://www.nuxeo.com/cps
Gestion de contenu web / portail collaboratif / groupware / open source
More information about the z3-five
mailing list