16 Sep
2003
16 Sep
'03
8:44 a.m.
In my approach, I'm replaciong a defined method with a method of the same name, and a carefully named help method. These can both be protectde by security assertions easily. I don't know what "security assertions" means, but the next paragraph makes the risks clear.
In your method, you're slapping an arbitarily named attribute into a class object. They're difficult to protect in a fine grained fashion, and if you're careless with your variable names you may squish something important that you didn't mean to... Ok, I see, I could replace something that the zope guys defined in the ZPTs source code.
You conviced me :-) If it's more secure, I'll use it, although it's a longer way. Thanks for your time, Josef