On Sun, Jun 21, 2009 at 11:55:50AM -0400, Jim Fulton wrote:
- It aggressively proxies objects using zope.security.checker.ProxyFactory. Some people don't want to use proxies and those that do might want to use a different proxy or checker implementation.
Grok's publication sub-class is similar to mine: http://svn.zope.org/grok/trunk/src/grok/publication.py?view=markup We I think we both want security proxies around views, but not during traversal. I've also heard of people who want proxies around the context and view, but not during traversal. It's pretty difficult to do the above securely, or at least I was able to open massive security holes while prototyping my publication object;) Witness grok's "if IBrowserView.providedBy" dance in the URL above.
Maybe in phase 3:
- Create zope.publication from zope.app.publcatiobn - use webtest rather than zope.app.testing.
What's webtest?
Thoughts?
Sounds good!
Jim
-- Jim Fulton Zope Corporation
_______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
-- Brian Sutherland