[Zope] Using Access Rules
Dennis Allison
allison at sumeru.stanford.EDU
Fri Apr 30 22:49:18 EDT 2004
Yes, I think a custom product is likely to be the right route.
Unfortunately the security problem is a real problem and we are on a
deadline. But that's hardly new.
Thanks for your help and for the reminder about the security issues around
access rules.
On Fri, 30 Apr 2004, Jamie Heilman wrote:
> Dennis Allison wrote:
> > Good thought, but it doesn't fit the dynamics of the situation and does
> > not scale. I'm still thinking a path based access permissions approach
> > ought to work provided the access controls are hard to disable and
> > provided the number of legal access paths is relatively small.
>
> Well if you want to secure access rules further I threw a patch into
> the collector ages ago to remove the silly traversal stack semaphore,
> it's in there somewhere, but if it was me I'd probably write a custom
> product for something like this. You need 1 object that can identify
> a user, their state, and control the logic behind what they are
> presented with next. While that object probably needs to be
> traversable, there's no reason the objects representing your data (the
> tests/answers) need be.
>
> --
> Jamie Heilman http://audible.transient.net/~jamie/
> "Most people wouldn't know music if it came up and bit them on the ass."
> -Frank Zappa
>
>
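The design suggested in the quoted reply (one traversable object that identifies the user, holds their state and decides what they see next, with the test/answer objects themselves unreachable by path), as an added sketch that is not code from this thread or from Zope. It is a plain-Python model of URL traversal, not Zope's publisher; `TestController`, `Question`, `resolve` and the `traversable` flag are hypothetical names.

```python
class NotFound(Exception):
    """Raised for any path that does not end at an allowed entry point."""

class Question:
    """Data object: has no traversal hook, so no URL path can reach it."""
    def __init__(self, text, answer):
        self.text, self.answer = text, answer

class TestController:
    """The single traversable object: knows the user, their state, and what comes next."""
    traversable = True

    def __init__(self, questions):
        self._questions = list(questions)  # held privately, never exposed as children
        self._progress = {}                # user -> index of the next open question

    def traverse(self, name):
        # Allow-list of entry points; everything else is treated as absent.
        if name in ("next", "submit"):
            return getattr(self, name)
        raise NotFound(name)

    def next(self, user):
        i = self._progress.get(user, 0)
        return self._questions[i].text if i < len(self._questions) else None

    def submit(self, user, answer):
        i = self._progress.get(user, 0)
        if i >= len(self._questions):
            raise NotFound("no open question")
        correct = answer == self._questions[i].answer
        self._progress[user] = i + 1       # state only advances through this method
        return correct

def resolve(root, path):
    """Walk a slash-separated path, refusing to step through non-traversable objects."""
    obj = root
    for name in filter(None, path.split("/")):
        if not getattr(obj, "traversable", False):
            raise NotFound(path)
        obj = obj.traverse(name)
    return obj

# Constructed sample data.
SITE = TestController([Question("2 + 2?", "4"), Question("Capital of France?", "Paris")])
```
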