Chris Withers wrote:
Vangelis Mihalopoulos wrote:
[zope -> ] (which btw i believe to be very secure)
The why do you consider it a risk?
I don't really. But when i present my security assessment report saying "Zope has never had a compomising security issue." i'll get the (expected) answer "Sooner or later, everything gets broken." and i will have to additionally demonstrate why compomising zope (in term of accessing the ZMI) will have minimum effect on the overall system operation.
i don't want him to be able to directly access (read/write) the database i am using. *AFAIK*, ZSQLMethods won't do for this.
Then put constraints in on your database, or make the whole connection read-only.
I want to have full access rights on the database through the external methods.
You're really buying nothing with all this other than wasting a lot of your time...
I really hope i don't! :-) As Dieter said, my application is not a conventional Zope application. I could say that, for this project, i am using Zope: - as a much safer alternative to CGI - for its templating machinery - because it is built on Python and the project is based on Python - i like Zope :-) Thanks for your comments! Vangelis