[Zope] Re: major problems placing authentication on an extranet site-security flaw?

Philip Kilner phil at xfr.co.uk
Fri Feb 10 13:04:30 EST 2006


Hi Michael,

michael nt milne wrote:
> Also I feel that Plone has
> usabillity which sits above it's prettyness. It is a well designed
> interface graphically but also has very strong non graphical usability
> elements.
> 

You are correct - but you are not comparing like with like, as Plone is
an /application/ and Zope is an /application server/.

An analogous comparison might be between a car's dashboard and it's
engine compartment - you would expect the dashboard to be designed for a
human user above all, but the engine compartment - however logically
laid out - is primarily functional and is always going to appear alien
to the person who is more comfortable driving than using a spanner.

Ultimately, Zope's ZMI user interface is designed for techies who want a
minimal user interface which allows them to see the moving parts, not
the kind of end-user oriented GUI that Plone sports.

You've been given a bit of a hard time in this thread, and I think that
some good points have been made, but I've seen your energetic but
somewhat misdirected posting as more a symptom of youth and
over-confidence than any great sin - you seem to be coping with the
feedback, so you'll learn. However, I'd like to make the point that the
counter-productive and gratuitous insults for which Chris is rightly
famous are another thing entirely. He's a clever bloke and helpful, but
he seems to enjoy being rude - which is a shame.

FWIW, I think the best advice you've been given, albeit in the midst of
quite a strong mail were Floyd's - "the security framework in Zope and
Plone was built in the way that it is FOR A REASON" - both in terms of
etiquette and in terms of what should be reasonable to assume, it is
usually best to assume that the core of Zope and Plone /work/, and that
if some part of them appears not to then it is more likely the nut
behind the steering wheel that is responsible, as it were.

;-)

Have a good weekend...


-- 

Regards,

PhilK

Email: phil at xfr.co.uk
PGP Public key: http://www.xfr.co.uk
Voicemail & Facsimile: 07092 070518

"You'll find that one part's sweet and one part's tart:
say where the sweetness and the sourness start."
- Tony Harrison


More information about the Zope mailing list