On Friday 12 Apr 2002 7:19 pm, Jeffrey P Shell wrote:
that your proposal isn't up there (or the catalog is up to its old charms ;)
No, its not up there.
But now, does this mean I have to go through and tag every method that might cause a state change? Or might not?
You wont ever *have* to do anything to your own methods. You might *want* to, if you want the extra protection against client side trojans that this declaration will give.
Now that I'm understanding things more, I never call non-idempotent methods (I hope I'm using that term right) from DTML anymore
Me to. Thats why I was suprised to see the opposition.
Overall, I still don't know how I feel about the whole thing. It's good to have Zope as secure as possible, but if putting that security makes it suddenly much harder to develop for or upgrade to/for, I worry about the support costs involved.
Indeed.