[Zope-dev] Zope logic

Adrian Hungate adrian@haqa.co.uk
Thu, 30 May 2002 17:42:35 +0100 

Hmmm... interesting points... However I almost completely disagree.

The only part of URL implicit acquisition that I have a problem with is
acquiring from outside the VHost, but if you plan properly, you can even
avoid this.

I have written several sites that use this feature, and I have found no
significant problems with it, and as for it being a problem for caching
proxies, many of the objects that get acquired are dynamic, and provide
different content based on context, so multiple cache entries is the correct
answer.

Adrian...

--
Adrian Hungate
EMail: adrian@haqa.co.uk
Web: http://www.haqa.co.uk

----- Original Message -----
From: "Toby Dickenson" <tdickenson@geminidataloggers.com>
To: "Lennart Regebro" <lennart@torped.se>; "Wei He" <hewei@mail.ied.ac.cn>;
<zope-dev@zope.org>
Sent: Thursday, May 30, 2002 4:07 PM
Subject: Re: [Zope-dev] Zope logic


On Thursday 30 May 2002 10:29 am, Lennart Regebro wrote:

> It not only sounds good, but it is good.No, it' is fantastic. Amazing.
> Totally unbelivingly great! It's one of the best and main features of
Zope.

Is anyone relying on your site to provide information? How do you test your
site to make sure that every possible url (not just the ones you link to) do
not give out misinformation.

Some specific problems that I have encountered:

1. Content that crosses between virtual hosts.

If two different virtual hosts come from the same zope then it is possible
to
construct a URL so that content from one site appears under the hostname
(and
https certificate!) of another.

2. A page that uses a mix of context and containment

If a page is built up with some content found from its context, and other
content from containment, then it is possible to construct a URL so that
apparently related information comes from unrelated objects.  Imagine a
medical imaging database, where it was possible for a page do display the
wrong patient name above an image.


My conclusions are:

a. implicit acquisition is dangerous

b. acquisition that searches outside the containment hierarchy is evil.


Im not keeping up with Zope 3 development..... how does Zope 3 handle
acquisition?


_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists -
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )