Yes, I think a custom product is likely to be the right route. Unfortunately the security problem is a real problem and we are on a deadline. But that's hardly new. Thanks for your help and for the reminder about the security issues around access rules. On Fri, 30 Apr 2004, Jamie Heilman wrote:
Dennis Allison wrote:
Good thought, but it doesn't fit the dynamics of the situation and does not scale. I'm still thinking a path based access permissions approach ought to work provided the access controls are hard to disable and provided the number of legal access paths is relatively small.
Well if you want to secure access rules further I threw a patch into the collector ages ago to remove the silly traversal stack semaphore, its in there somewhere, but if it was me I'd probably write a custom product for something like this. You need 1 object that can identify a user, their state, and control the logic behind what they are presented with next. While that object probably needs to be traversable, there's no reason the objects representing your data (the tests/answers) need be.
-- Jamie Heilman http://audible.transient.net/~jamie/ "Most people wouldn't know music if it came up and bit them on the ass." -Frank Zappa
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )