[Zope-dev] PageTemplateFile vs. Bindings vs. Security
Shane Hathaway
shane at zope.com
Tue Mar 23 16:29:01 EST 2004
Jamie Heilman wrote:
> Paradoxically, by ignoring Zope's security framework in the context of
> on-disk methods this actually improves Zope's overall security.
I can see that. It's interesting that when security is burdensome, it
is often less secure overall as a result. I see this pattern everywhere.
> So here's the questions I have for you all... is there a way to
> declare appropriate security on the bindings that are screwing me
> right now from within my product code so that I can selectively poke
> holes to allow container access where needed, or am I to be forcibly
> coerced into exposing my object to restricted code? And two, assuming
> I haven't overlooked some detail about why forcing PageTemplateFile to
> work within the calling security context is a good thing... Shouldn't
> we fix PageTemplateFile to work like DTMLFile wrt security? How hard
> is it going to be to do that?
There certainly ought to be a way to create an unrestricted
PageTemplateFile, though it should be an explicit step.
To do this, I would change Products/PageTemplates/Expressions.py. It
creates an expression evaluation engine and adds expression types to it.
It chooses the unrestricted or the restricted expression types based
on whether the "Zope" module exists. This is a wart. Instead, I think
it should create two engines, one restricted and one unrestricted. Then
you should be able to tell the PageTemplateFile constructor which engine
to use.
Shane
More information about the Zope-Dev
mailing list