[Zope-dev] [RFClet]: What about the request method and the client side trojan?
Toby Dickenson
tdickenson@geminidataloggers.com
Mon, 15 Apr 2002 10:59:12 +0100
On Friday 12 Apr 2002 7:19 pm, Jeffrey P Shell wrote:
>that your proposal isn't up there (or the catalog is up to its old charms ;)
No, it's not up there.
>But now, does this mean I have to go through and tag every method that might
>cause a state change? Or might not?
You won't ever *have* to do anything to your own methods. You might *want* to,
if you want the extra protection against client side trojans that this
declaration will give.
>Now that I'm understanding things more, I never call non-idempotent methods
>(I hope I'm using that term right) from DTML anymore
Me too. That's why I was surprised to see the opposition.
>Overall, I still don't know how I feel about the whole thing. It's good to
>have Zope as secure as possible, but if putting that security makes it
>suddenly much harder to develop for or upgrade to/for, I worry about the
>support costs involved.
Indeed.