[Grok-dev] Let's make security proxies an option
Shane Hathaway
shane at hathawaymix.org
Fri Mar 6 14:18:30 EST 2009

Hi Grokkers,

I'm working on an application with sensitive security requirements. I
really need to deny everything by default, otherwise it's impossible to
enumerate the risks. Still, I'd like to use Grok's features to get this
application working quickly.

Martijn talked about security in Grok here:

http://faassen.n--tree.net/blog/view/weblog/2008/04/17/0

As Martijn explained, Grok currently disables most of Zope 3's model
security because it is somewhat cumbersome. However, one of the primary
things that keep me coming back to Zope is the model security. I need
that safety net.

For my current project, without model security, Grok is a no-go for me.
However, I decided to see if I could re-enable model security by
commenting out the publication factories in grok/configure.zcml. It
worked, except that then my app was inaccessible. I added class
declarations in my own configure.zcml, and everything worked fine again!

Based on this experience, I think Grok should have documented ways to
enable model security and set method and attribute permissions using
Grok functions rather than ZCML. I don't know whether model security
should be enabled by default; that's a much bigger discussion.

Shane
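
For reference, a Zope 3 class declaration of the kind the message mentions adding to configure.zcml, shown as an added example that is not from the original post or from Grok. The `.app.Document` class, the `.interfaces.IDocument` interface and the choice of permissions are assumptions.

```xml
<configure xmlns="http://namespaces.zope.org/zope">

  <!-- Hypothetical model class and interface: the dotted names below
       are assumptions, replace them with the application's own. -->
  <class class=".app.Document">

    <!-- Read access: only the names defined by IDocument can be read
         through a security proxy, and only by principals that hold
         zope.View. -->
    <require
        permission="zope.View"
        interface=".interfaces.IDocument"
        />

    <!-- Write access: setting the schema fields of IDocument requires
         zope.ManageContent. Reading and writing are declared
         separately. -->
    <require
        permission="zope.ManageContent"
        set_schema=".interfaces.IDocument"
        />

    <!-- Any attribute or method not declared above stays forbidden
         when the object is accessed through a security proxy, which
         is the deny-by-default behaviour the message asks for. -->

  </class>

</configure>
```

With security proxies active, a class that has no such declaration exposes nothing to the publisher, which matches the "app was inaccessible" result described in the message.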