[z3-five] Unexpectedly unprotected code
Chris Withers
chris at simplistix.co.uk
Wed Jan 31 21:22:16 CET 2007
Paul Winkler wrote:
> Hmm, was that really a big draw to Zope?

When Zope was growing rapidly (1999-2003 for me, others may disagree)
everyone who came to Zope came to it by installing it and writing TTW
code. That was predicated on what I'm talking about ;-)

> Considering the relative
> popularity of various alternatives (php, rails,...)

I dunno about rails, but considering how heinously insecure php is, I
would quite happily sacrifice popularity for security.

> none of which have
> a concept of "untrusted" code, I've sometimes wondered if the whole
> idea of untrusted code is a solution in search of a problem.
> But I'd be curious to hear evidence otherwise.

In Zope 2, almost all components had to worry about "untrusted" code.
I'd imagine in Zope 3 that should change to being:

- only publication objects, which must surely control all access based
on security declarations of the objects involved and deny all access to
objects without any assertions
- only code that is designed to be scripted by Zope 2's semi-trusted
users. I'd imagine this would be a much smaller amount of code, and I'd
imagine it would be designed to be highly encapsulated versus the
pervasiveness of Zope 2's "untrusted code"

However, security is also about restricting access to data objects. Zope
2's integrated security policy was a huge, huge win for this; I hope that
doesn't ever get lost in Zope 3.

cheers,

Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk