[Zope-dev] PageTemplateFile vs. Bindings vs. Security
Jamie Heilman
jamie at audible.transient.net
Thu Mar 25 06:01:05 EST 2004
Martijn Faassen wrote:
> Shane Hathaway wrote:
> >There certainly ought to be a way to create an unrestricted
> >PageTemplateFile, though it should be an explicit step.
>
> That is a good suggestion. I'd like that option. It would also be a
> potential performance benefit.
>
> On the other hand, in situations where the PageTemplate designers are
> *not* security conscious (they're designers, not primarily programmers)
> the option of explicit checks is useful.
PageTemplateFile is a class used by Product authors, just like
DTMLFile. If you can write a product, you are either security
conscious or your product is worthless.
--
Jamie Heilman http://audible.transient.net/~jamie/
"I was in love once -- a Sinclair ZX-81. People said, "No, Holly,
she's not for you." She was cheap, she was stupid and she wouldn't
load -- well, not for me, anyway." -Holly
More information about the Zope-Dev
mailing list