Dieter Maurer wrote:
I wonder why starting folders with _ is so bad in Zope?
In the time, when everything was allowed what was not explicitly forbidden, an easy way was necessary to forbid access. Jim (and, therefore, Zope) used:
anything starting with "_" is private: no DTML access, no Web access.
Now, with the change to a security policy "Everything is forbidden when not explicitly allowed", the need for such a rule based on naming dwindles. Maybe, it will disappear sometime in the future.
Maybe this is something for dev.zope.org? cheers, Chris
On Sun, 30 Jul 2000 10:38:44 +0100, Chris Withers <chrisw@nipltd.com> wrote:
Dieter Maurer wrote:
I wonder why starting folders with _ is so bad in Zope?
In the time, when everything was allowed what was not explicitly forbidden, an easy way was necessary to forbid access. Jim (and, therefore, Zope) used:
anything starting with "_" is private: no DTML access, no Web access.
Now, with the change to a security policy "Everything is forbidden when not explicitly allowed", the need for such a rule based on naming dwindles. Maybe, it will disappear sometime in the future.
That rule applies at a lower level. It removes the need to have special-case handling for the many low-level objects that should never be web-accessible. Almost all zope-manageable classes (and certainly Folders, that Dieter mentioned) use the old rule. This happens because they derive from SimpleItem.Item, which has __allow_access_to_unprotected_subobjects__.
Toby Dickenson tdickenson@geminidataloggers.com
Toby Dickenson wrote:
Almost all zope-manageable classes (and certainly Folders, that Dieter mentioned) use the old rule. This happens because they derive from SimpleItem.Item, which has __allow_access_to_unprotected_subobjects__=1
1) Why does SimpleItem still have this?! Since so much, IIRC, is derived from SimpleItem.Item, surely this goes very much against the grain of 'everything should be protected unless I say otherwise'?
2) Why does having __allow_access_to_unprotected_subobjects__=1 mean that the 'start with _ = hidden/no DTML, no web Access' rule applies?
cheers, Chris
On Mon, 31 Jul 2000, Chris Withers wrote:
Toby Dickenson wrote:
Almost all zope-manageable classes (and certainly Folders, that Dieter mentioned) use the old rule. This happens because they derive from SimpleItem.Item, which has __allow_access_to_unprotected_subobjects__=1
1) Why does SimpleItem still have this?! Since so much, IIRC, is derived from SimpleItem.Item, surely this goes very much against the grain of 'everything should be protected unless I say otherwise'?
If you read the docs about the 2.2 security changes, you'll find the explication. Summary: this is a transitional step.
2) Why does having __allow_access_to_unprotected_subobjects__=1 mean that the 'start with _ = hidden/no DTML, no web Access' rule applies?
I don't think that's what he meant. I think he meant that keeping that _ behavior was necessary because most objects still use the older 'wide open' security model. But I could be wrong. --RDM
"R. David Murray" wrote:
1) Why does SimpleItem still have this?! Since so much, IIRC, is derived from SimpleItem.Item, surely this goes very much against the grain of 'everything should be protected unless I say otherwise'?
If you read the docs about the 2.2 security changes, you'll find the explication. Summary: this is a transitional step.
IIRC, Brian checked in the change, found that it broke stuff and then reluctantly added this in. I suppose it's good to bear in mind :-)
2) Why does having __allow_access_to_unprotected_subobjects__=1 mean that the 'start with _ = hidden/no DTML, no web Access' rule applies?
I don't think that's what he meant. I think he meant that keeping that _ behavior was necessary because most objects still use the older 'wide open' security model. But I could be wrong.
Hmm, I'm gonna try and phrase a proposal on dev.zope.org that might cover this :S cheers, Chris
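The decision order discussed in this thread, as a simplified Python model added here; it is not Zope's own code and not part of any participant's message. The class and function names are hypothetical, and the `__roles__` declaration (with `None` meaning public) is an assumption of the model.

```python
# Simplified model of the access decision discussed in this thread.
# Not Zope source: class and function names here are hypothetical.

FLAG = "__allow_access_to_unprotected_subobjects__"
_UNDECLARED = object()


class Item:
    """Stands in for a SimpleItem.Item-like base that opts in to the old rule."""
    __allow_access_to_unprotected_subobjects__ = 1


class StrictItem:
    """A container with no fallback flag: undeclared subobjects are denied."""


class Declared:
    """A subobject carrying an explicit role declaration (constructed sample)."""
    def __init__(self, roles):
        self.__roles__ = roles  # assumption of this model: None means public


def may_access(container, name, value, user_roles, underscore_rule=True):
    # 1. Naming rule: anything starting with "_" is private.
    if underscore_rule and name.startswith("_"):
        return False
    # 2. An explicit declaration on the subobject decides.
    roles = getattr(value, "__roles__", _UNDECLARED)
    if roles is not _UNDECLARED:
        return roles is None or bool(set(roles) & set(user_roles))
    # 3. Undeclared: fall back to the container's flag; no flag means deny.
    return bool(getattr(container, FLAG, 0))


def audit(container, members, user_roles, underscore_rule=True):
    """Return the sorted member names a user with user_roles could reach."""
    return sorted(n for n, v in members.items()
                  if may_access(container, n, v, user_roles, underscore_rule))


# Constructed sample: two declared objects, one undeclared, one "_" helper.
MEMBERS = {
    "index_html": Declared(None),           # declared public
    "manage_edit": Declared(("Manager",)),  # declared, Manager only
    "title": "plain attribute",             # no declaration
    "_secret_cache": {"k": "v"},            # no declaration, private by name
}
```

With the flag set and the naming rule switched off, `_secret_cache` becomes reachable; on a container without the flag it is denied either way, which is the sense in which the naming rule matters only while the permissive default remains.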
participants (3): Chris Withers, R. David Murray, Toby Dickenson