[Zope-dev] RFC: ZTK custom publications, zope.app.publication, and zope.traversing
Brian Sutherland
brian at vanguardistas.net
Mon Jun 22 04:08:24 EDT 2009
On Sun, Jun 21, 2009 at 11:55:50AM -0400, Jim Fulton wrote:
> - It aggressively proxies objects using
> zope.security.checker.ProxyFactory. Some people don't want
> to use proxies and those that do might want to use a different
> proxy or checker implementation.
Grok's publication sub-class is similar to mine:
http://svn.zope.org/grok/trunk/src/grok/publication.py?view=markup
We I think we both want security proxies around views, but not during
traversal. I've also heard of people who want proxies around the context
and view, but not during traversal.
It's pretty difficult to do the above securely, or at least I was able
to open massive security holes while prototyping my publication object;)
Witness grok's "if IBrowserView.providedBy" dance in the URL above.
> Maybe in phase 3:
>
> - Create zope.publication from zope.app.publcatiobn
> - use webtest rather than zope.app.testing.
What's webtest?
> Thoughts?
Sounds good!
>
> Jim
>
> --
> Jim Fulton
> Zope Corporation
>
>
> _______________________________________________
> Zope-Dev maillist - Zope-Dev at zope.org
> http://mail.zope.org/mailman/listinfo/zope-dev
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope )
--
Brian Sutherland
More information about the Zope-Dev
mailing list