HI Jim
Betreff: Re: AW: [Zope-dev] Re: Request typing (to get the xmlrpc layer discussionfinished)
[...]
Configure views on layers will prevent us form backdoors if we reuse this easy installable eggs ;-)
Here is a simple sample of such a built-in backdoor:
At our fresh zope installation: http://localhost:8080/@@absolute_url
Of corse it's not this dangerous, but it shows you what I mean.
How do skins avoid this?
Let me explain first how I define layer and skins. - A layer is a configuration discriminator (request type) for traversable components. - A named skin (configuration) makes it possible to traverse components using a context and this layer as disriminator as url path. This means in my point of view a layer is a concept which offers a configuration namespace which somebody can use or not. If a layer has allready defined views it doesn't affect anything till we map this layer as traversable namespace. By a traversable namespace I mean the layer registered by its traversable name. Also called skin and accessible by ++skin++Name. If we register "absolute_url" in a layer which isn't used in a skin, then this view is not available as traversable view because of the missing layer/named skin configuration. Regards Roger Ineichen
Jim
-- Jim Fulton Zope Corporation