[Zope-dev] Plans for Zope 2.12
Chris Withers
chris at simplistix.co.uk
Fri Feb 6 07:47:03 EST 2009
Tres Seaver wrote:
> Ugh. -1 to any attempt to use "space suits" in Z2. I would rather move
> to a model which made it easy to mark some / all TTW objects as
> "trusted", disabling security checks altogether: the "untrusted users
> can edit TTW code" use case is pretty much irrelevant for any site I
> have worked on, with the exception of "old Zope.org", in ten years of
> working with Zope.
Well yeah, but there's two cases which I bump into a lot:
- semi-trusted and clued users editting ttw
- paranoia over damage to anything other than the ZODB in the case of a
TTW site having its auth compromised. (eg: someone writing their
password on a post-it note)
For both of these, RestrictedPython working as advertising would be a
"good thing"...
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
More information about the Zope-Dev
mailing list