[Zope] database connections from external method
Tino Wildenhain
tino at wildenhain.de
Mon Oct 24 08:14:24 EDT 2005
...
>>> i don't want him to be able to directly access (read/write) the
>>> database i am using. *AFAIK*, ZSQLMethods won't do for this.
>>
>>
>> Then put constraints in on your database, or make the whole connection
>> read-only.
>
>
> I want to have full access rights on the database through the external
> methods.
Usually you dont want that. Sane security constrains on database save
you a lot mistakes if done right. You can also use views and stored
functions to further tighten your security.
Bad done external methods are more likely to open security holes.
>> You're really buying nothing with all this other than wasting a lot of
>> your time...
>
>
> I really hope i don't! :-) As Dieter said, my application is not a
> conventional Zope application.
What is it instead? :)
> I could say that, for this project, i am using Zope:
> - as a much safer alternative to CGI
but not if compromized :)
> - for its templating machinery
> - because it is built on Python and the project is based on Python
> - i like Zope :-)
>
Greets
Tino
More information about the Zope
mailing list