Hi,

Big +1 from me on this. I had to do a whole lot of hacks to get this stuff running on App Engine and basically had to gut zope.proxy, which was ugly and obviously unsupported. After getting this running, which was a big task, I decided to go with repoze.bfg, which just didn't have the security proxies at all, because I wouldn't have to support my weird gutted fork of zope.proxy and zope.security. (Under GAE I am not running any untrusted code.)

Having a standard way to turn this stuff would be great,

Rgds
Tim

On Mon, Jun 22, 2009 at 5:36 PM, Jim Fulton <jim@zope.com> wrote:
On Jun 21, 2009, at 9:40 PM, Stephan Richter wrote:
On Sunday 21 June 2009, Jim Fulton wrote:
Thoughts?
+1. Sounds really good!
BTW, I would love to hear about a practical example for overriding proxy() other than turning off security altogether.
2 examples:
- Use a Python-based proxy that's good enough for supporting access control in trusted code. (It wouldn't protect against devious untrusted code, but most applications don't really need to run untrusted code.)
- Use a better system for managing checkers.
Probably the most important feature is disabling proxy-based protection for applications that don't need an access control model or that use a non-proxy-based approach.
Jim
-- Jim Fulton Zope Corporation
_______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
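
The two options discussed in the thread above (a Python-based checking proxy for trusted code, and switching proxy-based protection off) can be sketched as a replaceable proxy factory. This is an added example, not part of the thread and not zope.security's code; every name in it (`PyProxy`, `NamesChecker`, `set_proxy_factory`, `Account`) is hypothetical.

```python
# Added illustration: hypothetical names, not zope.security or zope.proxy APIs.

class Forbidden(Exception):
    """Raised when the checker denies access to an attribute."""

class NamesChecker:
    """Permits reads of an explicit allow-list of attribute names."""
    def __init__(self, names):
        self.names = frozenset(names)
    def check_getattr(self, name):
        if name not in self.names:
            raise Forbidden(name)

class PyProxy:
    """Pure-Python proxy that routes every attribute read through a checker.
    Suitable for access control in trusted code only: it is not a sandbox."""
    __slots__ = ("_obj", "_checker")
    def __init__(self, obj, checker):
        object.__setattr__(self, "_obj", obj)
        object.__setattr__(self, "_checker", checker)
    def __getattribute__(self, name):
        # Check first, so even the proxy's own slots are covered by the policy.
        object.__getattribute__(self, "_checker").check_getattr(name)
        return getattr(object.__getattribute__(self, "_obj"), name)
    def __setattr__(self, name, value):
        raise Forbidden(name)  # this sketch is read-only

def checked_proxy(obj, checker):
    return PyProxy(obj, checker)

def no_proxy(obj, checker):
    return obj  # for applications that need no proxy-based access control

_factory = checked_proxy

def set_proxy_factory(factory):
    """Swap the implementation behind proxy(); returns the previous one."""
    global _factory
    previous, _factory = _factory, factory
    return previous

def proxy(obj, checker):
    return _factory(obj, checker)

class Account:  # constructed sample object
    def __init__(self):
        self.owner = "alice"
        self.balance = 100
```

Callers only ever use `proxy()`, so an application changes its protection model with a single `set_proxy_factory()` call at start-up instead of maintaining a forked proxy package.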