[Zope-dev] Request For Comments: SecurityJihad

Michael R. Bernstein webmaven@lvcm.com
14 Aug 2001 12:17:35 -0700


On 14 Aug 2001 12:31:47 -0400, R. David Murray wrote:
> On Tue, 14 Aug 2001, Casey Duncan wrote:
> >
> > Changing that behavior (which admittedly is unintuitive if not worse),
> > would break the vast majority of existing products. Why not go the other
> > direction and make it so new products must subclass a new base class
> > "DamnSecure" or somesuch that the ZPublisher looks for in order to alter
> > that behavior (and others gracefully). Products that do not use this
> > base class would cause a security warning to be outputted to the console
> > and/or logs.
> 
> As I understand it, this is effectively what the proposal does,

You understand correctly. :-)

> except that instead of a new base class it is triggered simply by
> the use of the (relatively new) declarative security directives.

The revised proposal does have two new base classes, basically to avoid
breaking all existing classes (Folder, etc.) that subclass Item.

The only major difference in the new classes is the default policy.

> The
> proposal also contains a shortcut way for those product authors
> (or users) to get the broken product working again, by using new
> declarations to...well, turn the bugs back on.

Hmm. While products that mix declarative security with a dependence on
the magic behaviour could be considered buggy, I don't think that you
can say that Zope is buggy in this regard. This is a design flaw that
encourages buggy products, not a bug per se.

> For those older products that do not use declarative security, the
> status quo ante would still hold.

Exactly.

Thanks for the excellent description!

Michael Bernstein.
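The distinction the thread turns on (a legacy base class whose default policy exposes any undeclared method versus a new base class whose default policy exposes nothing undeclared, plus a shortcut to restore the old behaviour for a product that depends on it) can be modelled in a few lines. The following is an added illustration written for this page, not Zope's code and not Zope's real ClassSecurityInfo API; the names LegacyItem, SecureItem, published, publish, default_allow and the product classes are assumptions made for the example.

```python
# Added example (not Zope code): a toy publisher that models the two default
# policies discussed in the thread.  All class and function names here are
# assumptions for illustration, not Zope's actual API.


class PublishError(Exception):
    """Raised when a request names a method the policy does not expose."""


def published(func):
    """Declarative directive: explicitly mark a method as web-callable."""
    func.__published__ = True
    return func


class LegacyItem:
    """Status quo: anything public-looking is callable unless marked private.
    One forgotten marker silently exposes a management method."""
    default_allow = True


class SecureItem:
    """Proposed base class: nothing is callable unless it carries a
    declaration.  Same mechanics as LegacyItem, only the default differs."""
    default_allow = False


def publish(obj, name):
    """Resolve and call `name` on `obj`, subject to the object's default policy."""
    if name.startswith('_'):
        raise PublishError('private attribute: %s' % name)
    attr = getattr(obj, name, None)
    if attr is None or not callable(attr):
        raise PublishError('no such method: %s' % name)
    declared = getattr(attr, '__published__', False)
    # The only policy decision: an undeclared method is reachable only when
    # the base class defaults to allow.
    if not (declared or obj.default_allow):
        raise PublishError('method not declared public: %s' % name)
    return attr()


class OldProduct(LegacyItem):
    """An existing product: nothing declared, relies on the magic behaviour."""
    def index_html(self):
        return 'hello'

    def manage_wipe(self):        # author forgot to protect this
        return 'wiped'


class NewProduct(SecureItem):
    """A product written against the secure base class."""
    @published
    def index_html(self):
        return 'hello'

    def manage_wipe(self):        # undeclared, so unreachable by default
        return 'wiped'


class CompatProduct(SecureItem):
    """The shortcut from the thread: a product that depends on the old
    behaviour opts back into it explicitly, which is at least visible."""
    default_allow = True          # turn the old default back on, deliberately

    def manage_wipe(self):
        return 'wiped'


def is_reachable(obj, name):
    """True if `publish` would let a web request call `name` on `obj`."""
    try:
        publish(obj, name)
        return True
    except PublishError:
        return False


if __name__ == '__main__':
    for cls in (OldProduct, NewProduct, CompatProduct):
        for method in ('index_html', 'manage_wipe', '_secret'):
            print('%-14s %-11s %s' % (cls.__name__, method,
                                       is_reachable(cls(), method)))
```

The point the model makes is that the publisher logic is identical for both base classes; only the default in the absence of a declaration changes, which is why a product that already uses declarative directives keeps working while an undeclared management method stops being reachable by accident.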