[Zope-dev] PageTemplateFile vs. Bindings vs. Security
Dario Lopez-Kästen
dario at ita.chalmers.se
Thu Mar 25 13:35:12 EST 2004
Martijn Faassen wrote:
>
> I'm advocating an explicit option to disable security checks here. I'm
> just also advocating that the current behavior can be sensible in
> certain circumstances. This is the only backwards compatible way anyway.
+1
> Anyway, I disagree on the general philosophical point that it is
> undesirable to have tool or framework support for various best practices
> and experience.
Well, basicalle my point boils down to "if not broken: pass".
Potentially dangeraous breakness in an extreme use case where the
solution really is to avoid the use case alltoghether does not motivate
a technical solution to that particular case - YMMV.
I am not sure we disagree, though I might add that I am not at all for
tools that overdo the "we need to protect the developer as if they were
end users" way of thinking and implements the tools like that.
Tools should be verstile and not too clever in "helping" the user
(user=developer in this case) - I react instinctively to those tools
like I react when MS Word tries to "Help" :-)
/dario
--
-- -------------------------------------------------------------------
Dario Lopez-Kästen, IT Systems & Services Chalmers University of Tech.
More information about the Zope-Dev
mailing list