[Zope-dev] RFC: ZTK custom publications, zope.app.publication, and zope.traversing
Tim Hoffman
timh at zute.net
Mon Jun 22 07:11:46 EDT 2009
HI
Big +1 from me on this.
I had to do a whole lot of hacks to get this stuff running on app engine and
basically
had to gut zope.proxy which was ugly and obviously unsupported.
After getting this running which was a big task I decided to go with
repoze.bfg which
just didn't have the security proxies at all because I wouldn't have to
support my wierd gutted
fork of zope.proxy and zope.security. (under gae I am not running any
untrusted code)
Having a standard way to turn this stuff would be great,
Rgds
Tim
On Mon, Jun 22, 2009 at 5:36 PM, Jim Fulton <jim at zope.com> wrote:
>
> On Jun 21, 2009, at 9:40 PM, Stephan Richter wrote:
>
> > On Sunday 21 June 2009, Jim Fulton wrote:
> >> Thoughts?
> >
> > +1. Sounds really good!
> >
> > BTW, I would love to hear about a practical example for overriding
> > proxy()
> > other than turning off security altogether.
>
>
> 2 examples:
>
> - Use a Python-based proxy that's good enough for supporting access
> control in trusted code. (It wouldn't protect against devious
> untrusted code, but most applications don't really need to run
> untrusted code.)
>
> - Use a better system for managing checkers.
>
> Probably the most important feature is disabling proxy-based
> protection for applications that don't need an access control model or
> that use a non-proxy-based approach.
>
> Jim
>
> --
> Jim Fulton
> Zope Corporation
>
>
> _______________________________________________
> Zope-Dev maillist - Zope-Dev at zope.org
> http://mail.zope.org/mailman/listinfo/zope-dev
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope )
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope-dev/attachments/20090622/a9239006/attachment.html
More information about the Zope-Dev
mailing list