[Zope-dev] Zope logic

Toby Dickenson tdickenson@geminidataloggers.com
Thu, 30 May 2002 16:07:42 +0100


On Thursday 30 May 2002 10:29 am, Lennart Regebro wrote:

> It not only sounds good, but it is good. No, it is fantastic. Amazing.
> Totally unbelievingly great! It's one of the best and main features of Zope.

Is anyone relying on your site to provide information? How do you test your
site to make sure that every possible URL (not just the ones you link to) does
not give out misinformation?

Some specific problems that I have encountered:

1. Content that crosses between virtual hosts.

If two different virtual hosts come from the same Zope then it is possible to
construct a URL so that content from one site appears under the hostname (and
https certificate!) of another.

2. A page that uses a mix of context and containment

If a page is built up with some content found from its context, and other
content from containment, then it is possible to construct a URL so that
apparently related information comes from unrelated objects.  Imagine a
medical imaging database, where it was possible for a page to display the
wrong patient name above an image.


My conclusions are:

a. implicit acquisition is dangerous

b. acquisition that searches outside the containment hierarchy is evil.


I'm not keeping up with Zope 3 development..... how does Zope 3 handle
acquisition?
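
Added example, not part of the original message and not Zope's own code: a simplified Python model of implicit acquisition that reproduces problem 2 (a name taken from context shown with an object taken from containment) and a check that rejects a traversal whose context chain differs from the containment chain. All class and function names and the sample tree are hypothetical.

```python
# Toy model of implicit acquisition (a simplification; names are hypothetical).
class Node:
    def __init__(self, name, container=None, **attrs):
        self.name, self.container, self.attrs = name, container, attrs
        self.children = {}
        if container is not None:
            container.children[name] = self

class Wrapped:
    """An object together with the wrapper it was reached through (context)."""
    def __init__(self, obj, parent=None):
        self.obj, self.parent = obj, parent

    def find(self, table, name):
        # Search the object's own "children" or "attrs", then each context parent.
        w = self
        while w is not None:
            if name in getattr(w.obj, table):
                return getattr(w.obj, table)[name]
            w = w.parent
        raise KeyError(name)

def traverse(root, path):
    w = Wrapped(root)
    for seg in filter(None, path.split("/")):
        w = Wrapped(w.find("children", seg), w)
    return w

def context_matches_containment(w):
    """True only if every step was reached through its real container."""
    while w is not None:
        if w.obj.container is not (w.parent.obj if w.parent else None):
            return False
        w = w.parent
    return True

def contained_attr(obj, name):
    # Walk the containment hierarchy only, ignoring how the URL was built.
    while obj is not None:
        if name in obj.attrs:
            return obj.attrs[name]
        obj = obj.container
    raise AttributeError(name)

# Constructed sample tree: two patient folders, only bob holds a scan.
ROOT = Node("root")
PATIENTS = Node("patients", ROOT)
ALICE = Node("alice", PATIENTS, patient_name="Alice")
BOB = Node("bob", PATIENTS, patient_name="Bob")
SCAN = Node("scan", BOB)
```

In this model a page rendered for `/patients/bob/alice/scan` would acquire "Alice" from context while showing the scan contained in bob; `context_matches_containment` flags that traversal and `contained_attr` returns the name from the scan's real container.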