[Zope] Zope+Python source-code security
Paul Erickson
erickson@kaivo.com
Tue, 30 Apr 2002 09:16:31 -0600
Pawel Lewicki wrote:
>>What will you use if you don't use Zope?
>>
>>
>
>The task is to build an application with www front-end building structure in
>xml (not necessarily) and building dynamic sql queries. It should run on
>many platforms (Windows/Unix). I have no experience with scripting languages
>except for VB so the effort taken to get experience with any chosen platform
>would be comparable. The problem is that the number of supported solutions
>given in Python and Zope would allow to focus on software architecture not
>low level programming.
>What would you suggest?
>
>Pawel Lewicki
>
>
I've never been involved in a project where the client wasn't allowed to
see the source code...
It sounds like you need to use something that is both compiled and not
decompileable. This eliminates Java, Python, PHP, Perl, ruby. It
probably also eliminates .Net - you could ship just the intermediate
language stuff, but then they could see and possibly modify that.
In my world, that leaves you with C and C++, which aren't real great for
web development, because of development time and potential core dumps.
I suppose that you could write a few python extensions in C/C++ that do
some critical database access or some core business logic, that would
return python structures to Zope for formatting/display.
Sounds like a tough position to be in.
Good luck,
-Paul