[Zope3-dev] Need help planning Zope X3 1.0
Jim Penny
jpenny at universal-fasteners.com
Mon Feb 9 12:10:01 EST 2004
On Sun, 8 Feb 2004 15:36:43 -0500
Paul Winkler <pw_lists at slinkp.com> wrote:
> On Sat, Feb 07, 2004 at 07:46:04PM -0500, Jim Fulton wrote:
> > Stephan Richter wrote:
> > >>I don't agree. I don't think this has been well thought out
> > >>and what has been done is controversial.
> > >
> > >
> > >I think it has been controversial because everyone on the mailing
> > >list is not in the audience. Both, the SQLExpr and inline Python
> > >support came from feedback from people that deal with scripters all
> > >the time. For the purists any scripting support will look like a
> > >hack.
> >
I frankly hate SQL expressions, and am 97% in the realm of pure
scripter, in the sense being used here.
I have many problems with it. First, it makes it much harder to
maintain or change in event of a mistake or requirements change if your
SQL methods are directly embedded in many places. Second, many systems
that do this have a history of leaking information inadvertently,
including passwords. While I am sure that you guys will be very
careful, think of the disaster this kind of thing would have caused in
Zope 2.3 where tracebacks were presented to anyone who triggered an
exception.
I think that these requests come from scripters, sure. But they come
from ASP or PHP scripters - and have proven to be real problems in both
of those systems. Don't replicate mistakes!
Jim Penny
More information about the Zope3-dev
mailing list