Jamie Heilman wrote: [Zope Security is an oxymoron]
3) Never use DTML.
Why? Also, one other thing -- we're doing the standard thing with database connections -- having zsql methods call zodbc connectors; aforementioned connectors are defined with the username/password needed to connect to the DB. Is it possible to either have the password dealt with dynamically (supplied by whatever it is that's calling the zsql method) and/or obscured somehow? -roy Content-Type: text/plain; charset="iso-8859-1" ------------------------------------------------- PLEASE READ THIS WARNING: All e-mail sent to or from this address will be received or otherwise recorded by the Fisher Investments corporate e-mail system and is subject to archival, monitoring or review by, and/or disclosure to, someone other than the recipient.