AW: [Zope-dev] Request typing (to get the xmlrpc layer discussion finished)

Stephan Richter srichter at cosmos.phy.tufts.edu
Tue Dec 18 09:09:07 EST 2007


On Monday 17 December 2007, Roger Ineichen wrote:
> Layers and skins are a security concept. And a very good one.

Let me briefly explain what Roger refers to by the word "security" here. We 
consider, as I mentioned in my previous mail, the availability of views 
outside of our control a security risk, because someone could have made a 
mistake or maliciously created a security hole in a view. By controlling the 
contents of the layers more explicitly, we have a better idea of the views 
that are available.

Furthermore, skins allow us to control the permission settings of our views; 
overrides allow this as well, of course.

Of course, this in itself is not enough to ensure security, but I hope that 
tools like the one started in z3c.securitytool will eventually help us with 
analyzing our public views.

Regards,
Stephan
-- 
Stephan Richter
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training

