AW: AW: [Zope-dev] Re: Request typing (to get the xmlrpc layer
discussionfinished)
Roger Ineichen
dev at projekt01.ch
Tue Dec 18 05:08:43 EST 2007
HI Jim
> Betreff: Re: AW: [Zope-dev] Re: Request typing (to get the
> xmlrpc layer discussionfinished)
[...]
> > Configure views on layers will prevent us form backdoors if
> we reuse
> > this easy installable eggs ;-)
> >
> > Here is a simple sample of such a built-in backdoor:
> >
> > At our fresh zope installation:
> > http://localhost:8080/@@absolute_url
> >
> > Of corse it's not this dangerous, but it shows you what I mean.
>
>
> How do skins avoid this?
Let me explain first how I define layer and skins.
- A layer is a configuration discriminator (request type)
for traversable components.
- A named skin (configuration) makes it possible to traverse
components using a context and this layer as disriminator
as url path.
This means in my point of view a layer is a concept which
offers a configuration namespace which somebody can use or
not. If a layer has allready defined views it doesn't affect
anything till we map this layer as traversable namespace.
By a traversable namespace I mean the layer registered by
its traversable name. Also called skin and accessible by
++skin++Name.
If we register "absolute_url" in a layer which isn't
used in a skin, then this view is not available as
traversable view because of the missing layer/named skin
configuration.
Regards
Roger Ineichen
> Jim
>
> --
> Jim Fulton
> Zope Corporation
>
>
>
More information about the Zope-Dev
mailing list