On Sun, 18 Jul 1999, Robin Becker wrote:
In article <199907181357.XAA01659@mbuna.arbhome.com.au>, Anthony Baxter <anthony@interlink.com.au> writes
This has come up on a number of occasions - the problem is that an external method can subvert all the protections and access control that Zope provides.
Having said that, there's nothing stopping you (or someone else) writing an external method that allows you to edit external methods. :)
Anthony
Yes I know that external methods can do anything. But since the manager can destroy the site what's wrong with allowing editing only for the manager. I realise that malicious managers could wipe the hard disk if the manager user could, but then so can the manager sitting at the console. Nope. The semantic difference between a .dtml file and a .py file is, that .dtml always terminate. Dtmls do not provide general looping or controlflow mechanisms, while external methods written in Python do. (while 1: pass).
Andreas -- Win95: n., A huge annoying boot virus that causes random spontaneous system crashes, usually just before saving a massive project. Easily cured by UNIX. See also MS-DOS, IBM-DOS, DR-DOS, Win 3.x, Win98.