AW: [Zope-dev] Re: Request typing (to get the xmlrpc layer
discussionfinished)
Roger Ineichen
dev at projekt01.ch
Mon Dec 17 12:39:18 EST 2007
Hi
> Betreff: [Zope-dev] Re: Request typing (to get the xmlrpc
> layer discussionfinished)
[...]
> > We tend to think up complex use cases and then make the
> zope framework
> > more complicated to deal with them. Sometimes these are legitimate
> > use cases, but they are rarely common cases and their
> solutions should
> > generally not be inflicted on the masses.
Configure views on layers will prevent us form backdoors
if we reuse this easy installable eggs ;-)
Here is a simple sample of such a built-in backdoor:
At our fresh zope installation:
http://localhost:8080/@@absolute_url
Of corse it's not this dangerous, but it shows you what I mean.
I could you show many more of such built-in backdoors on
production system, but will not do this here because of
security reason.
Regards
Roger Ineichen
More information about the Zope-Dev
mailing list