[Zope3-dev] Security: Permissions to use software (?)
Shane Hathaway
shane at zope.com
Tue Feb 17 11:57:23 EST 2004
On Sun, 15 Feb 2004, Jim Fulton wrote:
> In general then, utilities, modules, factories, etc. should not
> require permissions to use them. An exception is software used to
> access system resources (e.g. databases or files). This means that
> access to factories and most utilities should be unconditionally
> allowed, by specifying zope.Public as the required permission.
> Likewise for module attributes that only perform computation.
We're finding the same pattern in CMF. We've had good success with it.
+1
Shane
More information about the Zope3-dev
mailing list