[Zope] database connections from external method

Vangelis Mihalopoulos mihalop at vtrip.net
Mon Oct 24 07:02:21 EDT 2005


Chris Withers wrote:

> Vangelis Mihalopoulos wrote:
>
>> [zope -> ] (which btw i believe to be very secure) 
>
> The why do you consider it a risk?

I don't really. But when i present my security assessment report saying 
"Zope has never had a compomising security issue." i'll get the 
(expected) answer "Sooner or later, everything gets broken." and i will 
have to additionally demonstrate why compomising zope (in term of 
accessing the ZMI) will have minimum effect on the overall system operation.

>> i don't want him to be able to directly access (read/write) the 
>> database i am using. *AFAIK*, ZSQLMethods won't do for this.
>
> Then put constraints in on your database, or make the whole connection 
> read-only.

I want to have full access rights on the database through the external 
methods.

> You're really buying nothing with all this other than wasting a lot of 
> your time...

I really hope i don't! :-)   
As Dieter said, my application is not a conventional Zope application.
I could say that, for this project, i am using Zope:
 - as a much safer alternative to CGI
 - for its templating machinery
 - because it is built on Python and the project is based on Python
 - i like Zope :-)

Thanks for your comments!
Vangelis



More information about the Zope mailing list