HI

Big +1 from me on this.
I had to do a whole lot of hacks to get this stuff running on app engine and basically
had to gut zope.proxy which was ugly and obviously unsupported.
After getting this running which was a big task I decided to go with repoze.bfg which
just didn't have the security proxies at all because I wouldn't have to support my wierd gutted
fork of zope.proxy and zope.security. (under gae I am not running any untrusted code)

Having a standard way to turn this stuff would be great,

Rgds

Tim


On Mon, Jun 22, 2009 at 5:36 PM, Jim Fulton <jim@zope.com> wrote:

On Jun 21, 2009, at 9:40 PM, Stephan Richter wrote:

> On Sunday 21 June 2009, Jim Fulton wrote:
>> Thoughts?
>
> +1. Sounds really good!
>
> BTW, I would love to hear about a practical example for overriding
> proxy()
> other than turning off security altogether.


2 examples:

- Use a Python-based proxy that's good enough for supporting access
control in trusted code. (It wouldn't protect against devious
untrusted code, but most applications don't really need to run
untrusted code.)

- Use a better system for managing checkers.

Probably the most important feature is disabling proxy-based
protection for applications that don't need an access control model or
that use a non-proxy-based approach.

Jim

--
Jim Fulton
Zope Corporation


_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )