How come you can browse things like the objectIds and objectValues methods through the web? Surely this is exposing information that people shouldn't really know about?
You're right - and stop calling me shirley. :) This is something of a holdover from the bobo days - if you are a method and you have a docstring, you are accessible through the web (but still subject to the std security rules). objectIds and objectValues are a good example of things that really only want to be used from DTML and thus shouldn't have docstrings. I've changed this (and a few other iffy methods) for the next release.
While I'm at it, is there any way to make DTML methods accessible to objects (such as other DTML methods) but not through URLs other than by a tortuous series of proxy roles? I've expressed views about an 'execute' permission in the past but these have fallen on deaf ears.
For example: http://www.codecatalog.com/standard_html_footer
This is messy and there's no reason why it needs to be exposed through a URL.
I don't have a good answer for you, though I tend to agree with you that some things just don't want to be accessed outside of some larger context. I'd like to hear some different viewpoints on how people think something like this should work... Brian Lloyd brian@digicool.com Software Engineer 540.371.6909 Digital Creations http://www.digicool.com