[Zope-dev] PageTemplateFile vs. Bindings vs. Security

Jamie Heilman jamie at audible.transient.net
Thu Mar 25 06:01:05 EST 2004


Martijn Faassen wrote:
> Shane Hathaway wrote:
> >There certainly ought to be a way to create an unrestricted 
> >PageTemplateFile, though it should be an explicit step.
>
> That is a good suggestion. I'd like that option. It would also be a 
> potential performance benefit.
> 
> On the other hand, in situations where the PageTemplate designers are 
> *not* security conscious (they're designers, not primarily programmers) 
> the option of explicit checks is useful.

PageTemplateFile is a class used by Product authors, just like
DTMLFile.  If you can write a product, you are either security
conscious or your product is worthless.

-- 
Jamie Heilman                     http://audible.transient.net/~jamie/
"I was in love once -- a Sinclair ZX-81.  People said, "No, Holly,
 she's not for you." She was cheap, she was stupid and she wouldn't
 load -- well, not for me, anyway."                     -Holly



More information about the Zope-Dev mailing list