[Zope3-dev] Protecting class methods

[Brad Bollenbach]

On Mon, Jul 14, 2003 at 08:56:45PM +0300, Steve Alexander wrote:
> Both the <class> and <content> directives make security declarations 
> about the instances of a class, not about a class itself.

>From a usability standpoint, the fact that a <class> tag doesn't allow
protection of class-level attributes can't be good. ;) The knee-jerk
reaction here would be to submit something in the collector, which I
would do after it's been more carefully thought out how to address this
issue, and exactly what the bug is that should be reported.

> There could be a separate directive to make declarations directly for a 
> class.
> 
> Unfortunately, the checker machinery looks up a checker for an object's 
> class and not for the object itself. So, you can't register a checker 
> for your class like that.
> 
> What you can do is provide a __Security_checker__ attribute for your 
> class that is a NamesChecker that allows access to 'new'.
> You don't want to provide this checker for instances, just for the 
> class. So, you need to use a descriptor that stores and retrieves a 

Although it's worth noting in this particular instance (no pun intended)
that you (Sidnei, that is) will probably want to protect instance access
to the .new method as well.

--
Brad Bollenbach
BBnet.ca