[z3-five] Unexpectedly unprotected code
Chris McDonough
chrism at plope.com
Wed Jan 31 17:37:14 CET 2007
As always, a big +1 to anything that helps experienced developers not
need to care about untrusted code.
- C
On Jan 31, 2007, at 11:12 AM, Martijn Faassen wrote:
> Chris Withers wrote:
>> Martijn Faassen wrote:
>>> My ideas have evolved to the point that I like trusted code more and
>>> more, and I'm not sure it's worth the effort to expend a lot of time to
>>> make untrusted code work.
>>
>> Oh I dunno, I think this is an exceptionally important use case which the
>> Zope community seems to be ignoring more and more and which used to be
>> the main thing that brought people to Zope: the ability for a trusted
>> but not necessarily fully competent user to write code while protecting
>> them from accessing data they shouldn't and trying to help them not
>> shoot themselves in the foot...
>>
>> I think that's still well worth doing...
>
> I agree the use case exists. I'm not sure how important it is, though
> traditionally it's been quite important to Zope 2.
>
> I think there are a lot of *other* things we should be doing first to
> make an inexperienced developer happier with Zope 3. Some of those
> things we've been trying to do with Grok.
>
> One of the things that bugs me even as an *experienced* developer is
> that Zope 3's pervasive security has a heavy cost during development. It
> happened to me quite frequently that I had to debug why Zope 3 didn't let me
> do something I should do, and I had to dig through ZCML files and add
> security declarations quite often, and mess about with __parent__ quite
> often, and use removeAllSecurityProxies() and such quite often. I
> consider this very off-putting to any developer, experienced or not.
>
> Regards,
>
> Martijn