AW: [Zope-dev] Request typing (to get the xmlrpc layer discussion finished)
Stephan Richter
srichter at cosmos.phy.tufts.edu
Tue Dec 18 09:09:07 EST 2007
On Monday 17 December 2007, Roger Ineichen wrote:
> Layers and skins are a security concept. And a very good one.

Let me briefly explain what Roger refers to by the word "security" here. We
consider, as I mentioned in my previous mail, the availability of views
outside of our control a security risk, because someone could have made a
mistake or maliciously created a security hole in a view. By controlling the
contents of the layers more explicitly, we have a better idea of the views
that are available.

Furthermore, skins allow us to control the permission settings of our views;
overrides allow this as well, of course.

Of course, this in itself is not enough to ensure security, but I hope that
tools like the one started in z3c.securitytool will eventually help us with
analyzing our public views.

Regards,
Stephan
--
Stephan Richter
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training