AW: [Zope-dev] Request typing (to get the xmlrpc layer
discussionfinished)
Roger Ineichen
dev at projekt01.ch
Mon Dec 17 12:11:30 EST 2007
Hi all
> Betreff: Re: [Zope-dev] Request typing (to get the xmlrpc
> layer discussionfinished)
>
> On Dec 17, 2007 10:32 AM, Janko Hauser <jh at zscout.de> wrote:
> > Oh that would be a new information for me, so I would be very
> > interested, where this is implemented.
>
> z3c.baseregistry
Yes, that's another component which helps you protect
your application from built-in backdoors.
In general I can say:
- baseregistry allows you to configure different ISite component
at a global zcml level. Sites can reuse such sets of global
registration in the local instance. And this registration set
is not populated global at the site root.
- layers allow you to offer predefined sets of configuration
ready to reuse. Without them you can only offer global
configuration sets which can open backdoors.
- skins maps a set of layers to the public and make them
traversable.
I allways explain it like:
Skins and layers are not needed till it comes to security. And
I allways say skin and layer is the concept which allows us to
separate the model and view and make the view part replacable.
If you use the baseregistry it works at the local site level.
Of corse you don't need layers and skins if you develop one
application and install them on one server. But if it comes
to multi skins and even worse different applications on one
server, we need layers and skins for security reason.
And if you don't use layers and skins, you probably can't
install packages which register views at the default skin
which your server is using without to open backdoors.
Layers and skins are a security concept. And a very good one.
Note, the only secure way to setup a mutli application, multi
site Zope server is to use layers, sites and the baseregistry.
Everything else will make views on different apps available.
And this could be a very big security problem.
Regards
Roger Ineichen
More information about the Zope-Dev
mailing list