On 11/11/99 5:35 PM, Stuart 'Zen' Bishop at zen@cs.rmit.edu.au wrote:
Magic sequence- variables need to have aliases of sequence_ (everyone rabidly agrees on this) Strangely enough no one has owned up to actually implementing the '-' variables, most likely as they are afraid of being lynched.
I looked at this today, it's not going into 2.1 most likely, it's a LOT of work to make sure it works, *and* doesn't have any negative performance impact. Since it will by its nature, I'll need to balance that with a performance enhancement somewhere :-)
Program code should not be embedded in the Reporting language.
Amen.
DTML sucks when used beyond its intended scope as a Reporting language. The ability to program in DTML should be discouraged or possibly depricated.
Discouraged, but that's all we can really do in reality.
DTML is constantly being used beyond its intended scope, as there is no way to program Zope without resorting to External methods or Python Products with their various caveats. In particular, there is no way of running program code in a sandbox without using DTML which means all Zope programmers need to be given effective full control over the Zope installation.
This is why we're a bit skeptical of new tags which encourage this...
PythonMethods is available now and could fill the void if it is integrated with the Zope distribution. Work will need to be done proving that Python Methods opens no security concerns not already valid with DTML.
This is being done, I think... it *will* introduce new security concerns, but we hope to quantify and mitigate them wherever possible. More power always comes with more danger. Chris -- | Christopher Petrilli Python Powered Digital Creations, Inc. | petrilli@digicool.com http://www.digicool.com