[z3-five] Unexpectedly unprotected code
Paul Winkler
pw_lists at slinkp.com
Wed Jan 31 19:16:25 CET 2007
On Wed, Jan 31, 2007 at 10:15:34AM +0000, Chris Withers wrote:
> Martijn Faassen wrote:
> > My ideas have evolved to the point that I like trusted code more and
> > more, and I'm not sure it's worth the effort to expend a lot of time to
> > make untrusted code work.
>
> Oh I dunno, I think this an exceptionally important use case which the
> Zope community seems to be ignoring more and more and which used to be
> the main thing that brought people to Zope: the ability for a trusted
> but not necessarily fully competent user to write code while protecting
> them from accessing data they shouldn't and trying to help them not
> shoot themselves in the foot...
Hmm, was that really a big draw to Zope? Considering the relative
popularity of various alternatives (php, rails,...) none of which have
a concept of "untrusted" code, I've sometimes wondered if the whole
idea of untrusted code is a solution in search of a problem.
But I'd be curious to hear evidence otherwise.
--
Paul Winkler
http://www.slinkp.com
More information about the z3-five
mailing list