[Zope3-dev] DISCUSS: Designing for debuggability
Martijn Faassen
faassen@vet.uu.nl
Sat, 8 Dec 2001 22:29:54 +0100
Martijn Faassen wrote:
[snip]
> Some of the security implications of exposing innards to the web would
> become much less fearsome if Zope3 supported some encrypted protocols (such
> as HTTPS) out of the box. Also interesting in that respect is a way to
> spell 'I only want to enable this permission for this role if it's connected
> through HTTPS' or somesuch.
Should've read Jim's stuff *before* I posted this, as he says this here:
"""
Varying level of access with level of authentication. For example, to
gain use of a user's preferences, we might only require a cookie with
their name. To allow the user to change their preferences might require
that they log in with basic authentication. To allow the user to modify
through-the-web code might require authentication over SSL.
"""
The same approach be taken for various debugger options. Very nice.
Regards,
Martijn