[Zope3-dev] Protecting class methods
Brad Bollenbach
brad@bbnet.ca
Mon, 14 Jul 2003 15:08:39 -0400
On Mon, Jul 14, 2003 at 08:56:45PM +0300, Steve Alexander wrote:
> Both the <class> and <content> directives make security declarations
> about the instances of a class, not about a class itself.
From a usability standpoint, the fact that a <class> tag doesn't allow
protection of class-level attributes can't be good. ;) The knee-jerk
reaction here would be to submit something in the collector, which I
would do after it's been more carefully thought out how to address this
issue, and exactly what the bug is that should be reported.
> There could be a separate directive to make declarations directly for a
> class.
>
> Unfortunately, the checker machinery looks up a checker for an object's
> class and not for the object itself. So, you can't register a checker
> for your class like that.
>
> What you can do is provide a __Security_checker__ attribute for your
> class that is a NamesChecker that allows access to 'new'.
> You don't want to provide this checker for instances, just for the
> class. So, you need to use a descriptor that stores and retrieves a
Although it's worth noting in this particular instance (no pun intended)
that you (Sidnei, that is) will probably want to protect instance access
to the .new method as well.
--
Brad Bollenbach
BBnet.ca
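
The descriptor approach quoted above, as an added example that is not part of the original thread and is not Zope's own code. `NamesChecker` here is a minimal stand-in class, and `ClassOnlyChecker`, `Document`, `INSTANCE_CHECKERS`, `select_checker` and `guarded_getattr` are hypothetical names modelling a checker lookup that prefers an object's own `__Security_checker__` and otherwise looks up by class.

```python
class NamesChecker:
    """Stand-in (assumption): a checker that allows a fixed set of names."""
    def __init__(self, names):
        self.names = frozenset(names)

    def allows(self, name):
        return name in self.names


class ClassOnlyChecker:
    """Descriptor that exposes a checker on the class but not on instances."""
    def __init__(self, class_checker):
        self.class_checker = class_checker

    def __get__(self, inst, cls):
        if inst is None:
            return self.class_checker  # read as Document.__Security_checker__
        # Read through an instance: act as if the attribute were absent, so
        # the instance falls back to the declarations made for its class.
        raise AttributeError("__Security_checker__")


class Document:
    __Security_checker__ = ClassOnlyChecker(NamesChecker(["new"]))

    @classmethod
    def new(cls, title):
        doc = cls()
        doc.title = title
        return doc


# Hypothetical stand-in for the per-class declarations that the <class> and
# <content> directives make about instances.
INSTANCE_CHECKERS = {Document: NamesChecker(["title"])}


def select_checker(obj):
    """Simplified model: own __Security_checker__ first, else lookup by class."""
    checker = getattr(obj, "__Security_checker__", None)
    if checker is None:
        checker = INSTANCE_CHECKERS.get(type(obj))
    return checker


def guarded_getattr(obj, name):
    checker = select_checker(obj)
    if checker is None or not checker.allows(name):
        raise PermissionError(f"access to {name!r} is not allowed")
    return getattr(obj, name)
```

Because a classmethod is also reachable through instances, whether `doc.new` is allowed depends only on the instance declarations; in this model it is refused because `new` is not listed there.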