11 Apr
2009
11 Apr
'09
1:27 p.m.
Martijn Faassen wrote:
Isn't zope.security a protection system against *accidental* mistakes in building secure applications? I.e. I call a method and then I find out I have no such access. Do we really need to protect the developer against more arcane workarounds?
Yes, that's its stated aim, and I want to rely on that, so I care a lot.
If I *want* to work around the security system deliberately I can simply remove the security proxy and be done with it. It's not like the system is protecting against this anyway.
Well, not if you don't have access to that removal code. Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk