[Zope3-dev] Calling persistent function
Danny Smith
pythonlover75 at yahoo.com
Wed Jan 28 11:09:48 EST 2004
--- Jim Fulton <jim at zope.com> wrote:
> This is because, before you can use a file-system
> module, you must make a security assertion for it
> in zpt. The following should work:
>
> <module module="time">
> <allow attributes="asctime" />
> </module>
>
> Obviously, it would be nice for someone to add a lot
> of these declarations for standard modules to the
> standard
> z3 configuration.
Every attribute of every standard module? What about
standard classes and their attributes and methods,
would security assertions be needed for the whole
standard library API? Sounds like a LOT of xml.
One question, FieldStorage.read() (I think that's the
method) is forbidden, so Zope 3 web scripters can't
deal with file uploads. Would I put a similar
security assertion somewhere? Sould this go in the
relevant package's configure.zcml?
__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
http://webhosting.yahoo.com/ps/sb/
More information about the Zope3-dev
mailing list