[Zope-dev] Re: names starting with '@' are not reserved

yuppie y.2006_ at wcm-solutions.de
Mon Mar 13 14:02:19 EST 2006


Hi Paul!


Paul Winkler wrote:
> On Mon, Mar 13, 2006 at 07:06:28PM +0100, yuppie wrote:
>> I'm concerned about the people we encourage to use Five technology. 
>> Views are a major feature of Five. Should we warn people not to use 
>> views? Or instruct them how to patch Zope 2 to protect views against 
>> being masked by content IDs?
> 
> Or just document a warning that content whose ids begin with @@ can mask
> views?
> 
> I'm wondering if this is a case of "Doctor, it hurts when I do this..."

It's quit common that normal users of Zope applications are allowed to 
add content. You can educate programmers, but you can't solve a problem 
like this by educating (sometimes untrusted) users. They can easily 
screw up a Zope app by overriding important views. And if they can do it 
some (untrusted) users will do it.


Cheers,

	Yuppie



More information about the Zope-Dev mailing list